<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks, Ryan, I see the point.<br>
Is there a non extreme approach here that preserves those valuable
libraries and doesn't kill those intermediates that have been in
use for years? Could it a transitional time frame after which we
have a single, widely supported solution?<br>
<br>
Thanks,<br>
M.D. <br>
<br>
<br>
On 11/13/2014 10:53 PM, Ryan Sleevi wrote:<br>
</div>
<blockquote
cite="mid:CACvaWvbXU5FO2eQvy0PUp6Nw7mp+RpkX9rMUNacYHyWunJJqvw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 13, 2014 at 12:51 PM,
Moudrick M. Dadashov <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:md@ssc.lt"
target="_blank">md@ssc.lt</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>It certainly does. I understand folks looking for a
programmatic discovery of cert types, but still
curious why EKU is more appropriate for this than any
other predefined field that raises no conflict with
standards.<br>
<br>
Thanks,<br>
M.D.
<div>
<div class="h5"><br>
</div>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Because it's widely implemented in a variety of
libraries and provides immediate security benefits for
clients, and immediate clarifications for CAs about in
scope vs out of scope, and doesn't conflict with any of
the language in RFC 5280 - which, while was accurate at
the time it was written ("In general, this doesn't appear
in CA certs"), is NOT a prohibition against it, just an
observation.</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>