This extension is needed on Apr. 1st. Leaf -----Original Message----- From: ietf [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Randy Bush Sent: Wednesday, April 02, 2014 8:22 AM To: IETF Disgust Subject: Re: RFC 7169 on The NSA (No Secrecy Afforded) Certificate Extension > RFC 7169 > Title: The NSA (No Secrecy Afforded) > Certificate Extension > URL: http://www.rfc-editor.org/rfc/rfc7169.txt i do not understand why this extension is needed. the 5eyes have all your keys. the flag should always be on. is the real intent that, when the extension/flag is not on in a received certificate, then you know it is bogus? randy