On Sun, Jan 21, 2018 at 6:38 PM, Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
> ➢ The sensible thing at this point is to publish an update to RFC5280
> that accepts reality.
>
> Yes, and there’s an IETF place to do that if anyone is interested; see the LAMPS working group.

Related, the subject came up recently on the PKIX mailing list: "Next edition of X.509", https://www.ietf.org/mail-archive/web/pkix/current/msg33478.html .

https://www.ietf.org/mail-archive/web/pkix/current/msg33489.html was a proposal to modify the text. The modifications appear to propose KU and EKU cast a wider net to accommodate IoT gadgets.

https://www.ietf.org/mail-archive/web/pkix/current/msg33490.html was a comment to avoid the modification. The objection stated to an OID for the new usages to accommodate the use cases.

Another thread of interest from SAAG is "Considerations about the need to resume PKIX work", https://mailarchive.ietf.org/arch/msg/saag/BJWLw-XZvq_fgCYDldCDLVamNbg

There does not seem to be a lot of interest in revising PKIX. I personally find it disappointing because it seems like it is the wild, wild west to me.

Jeff