On 02/05/17 10:18, Rob Stradling via Public wrote: > Or you could embed all of this into a single Certificate Policy OID. (off-list) Would that not be problematic if, as a previous message in the thread noted, there wasn't an anyPolicy OID in the intermediate? Or am I misunderstanding how this works? Gerv