On Mon, Jan 22, 2018 at 9:27 PM, Salz, Rich <rsalz@xxxxxxxxxx> wrote: > ➢ I don't see CA/Browser Forums listed, but I do see RFC 3280 listed. > > The page also says it’s “casually maintained.” Feel free to create a PR on openssl/web repo. :) > > IETF RFC’s aren’t perfect; that’s why there are errata. Dragging this all the way to “we’re ignoring the words” is not nor accurate. Someone who wants to argue that OpenSSL is doing the wrong thing here, should go to the IETF LAMPS WG and raise the issue. If OpenSSL want to change the standard so that it aligns with the project's implementation then the project should go to LAMP. Otherwise, the project is acting without authority. OpenSSL cannot arbitrarily decide to do something else on a suggestion or a whim. You know, this issue could have been side stepped by providing both behaviors, making one default, and allowing the user to make the choice. Instead, the project wrapped its arms around the solution that broke interop. I can't help but wonder, doesn't anyone think these decisions through? Thank god Andy has not broken AES interop by whitening AES keys because some people think it is a good idea. Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users