On 3/27/13 10:11 PM, "Martin Rex" <mrex@xxxxxxx> wrote: >It was the Security co-AD Russ Housley who indicated _early_ during >the discussion of that draft (2.5 years after it had been adopted >as a WG item) that he considered some of the suggested abuses of >existing error codes "unacceptable" For the record. Russ comment was: "I find the use of "unauthorized" to indicate that a client cannot make a multi-certificate request unacceptable." Which is completely different from your raised concern. /Stefan