At 1:59 PM -0400 7/18/10, Shumon Huque wrote: >Well, one reason would be to reduce the number of verification >steps imposed on a client by a certificate with a more preferred >or more specific identity type. Is there something more than just a non-mandatory optimization? The three bullet points in the list all have MUSTs, and it sounds like these MUSTs, and the statement that "The client then orders the list in accordance with the following rules" passes muster with RFC 2119. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf