Bob Jueneman wrote: > Oscar, that's a thought, and one of a number of possibilities. > > But one of the most important issues that your suggestion brings up > is whether NR has anything to do with a CA AT ALL, and therefore > whether it is appropriate to represent in a CertPolicyId extension. True. I am, however, regretfully ignorant regarding the requirements existing and emerging digital signature legislation might set on the presence or absence of keyUsage bits in end-entity certificates. There may, for all I know, exist Certification Authorities that are legally bound to set, and thus applications legally bound to interpret, the non-repudiation bit in a certain fashion. //oscar
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature