On Mon, Jan 22, 2018 at 9:01 PM, Salz, Rich via openssl-users
<openssl-users@xxxxxxxxxxx> wrote:
>
> > Here's the standards OpenSSL claims to implement:
>
> Read the whole text. It doesn’t say anything like “claims to implement.”
My bad. Here's the corrected text:
This page is a partial list of the specifications that are
relevant to OpenSSL
I don't see CA/Browser Forums listed, but I do see RFC 3280 listed.
And there are no notes on issuing polices, which is the matter at
hand. No reasonable person would expect OpenSSL to cite 61 RFCs,
including the IETF's PKIX RFCs, and not use PKIX issuing policies.
I'm befuddled someone thought and others agreed it was OK to break a
worldwide standard. The purpose of the standard is to ensure
interoperability. The break is a throwback to the verify=false days
for folks who needs things to "just work".
Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
