On Mon, Apr 6, 2015 at 2:42 PM, Yuting Chen <chenyt at cs.sjtu.edu.cn> wrote:
> As Jeffrey Walton's comment, the standard is
> very malleable, making cert path validation a
> little unpredictable.

Generally speaking, RFC 6125 is used to validate a PKIX certificate. Unfortunately, the RFC does not mention AKIs and SKIs. As far as validations go, they do not exist. So the validation steps have to be synthesized from RFC 5280. I think it also means anything goes as far as validating the AKIs and SKIs.

PKI is the wild, wild, west.

Jeff