> RFC 7169 > Title: The NSA (No Secrecy Afforded) > Certificate Extension > URL: http://www.rfc-editor.org/rfc/rfc7169.txt i do not understand why this extension is needed. the 5eyes have all your keys. the flag should always be on. is the real intent that, when the extension/flag is not on in a received certificate, then you know it is bogus? randy