Speaking as someone who has implemented relying party tools for this, I support the current restrictive choices in the profile, for a very simple reason: I can't validate what I don't understand. The current profile is written to restrict what's allowed today to things we understand today. As Paul says, if we understand something new tomorrow, we'll have to update both profile and code. "La perfection soit atteinte non quand il n'y a plus rien à ajouter, mais quand il n'y a plus rien à retrancher." _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf