Closed louridas closed 3 years ago
The spec says this (next senstence):
"In absence of any key usage extension, this certificate can be used to validate any type of HCERT."
Or in other words - if absent it is trusted/used in all circumstancs. No limitations.
I am referring to the particular case where the key usage extension exists but it does not contain any identifier.
I understand that it will be treated as if it did not exist at all?
Types constrain it. If there are zero - I'd say it is not contrained.
Do you want to propose some new wording for the next vesion ?
Perhaps:
If present the verifiers SHALL verify => If present with non zero key usage policy identifiers the verifiers SHALL verify
In A.4 of the spec it is stated that:
What should the verifier do when the extended key usage extension exists but contains zero key usage policy identifiers?