You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Per the BRs, Section 7.1.2.7.6, the Subject Key Identifier extension is NOT RECOMMENDED for end-entity Subscriber certificates.
This is because the SKID is mostly useful for path-building. It's important for it to exist in issuer certificates, so that it can be matched to the AKID of certs that they issue. But no one is building a path up to an end-entity certificate, so in those the SKID is simply consuming bytes with no real purpose.
The text was updated successfully, but these errors were encountered:
Per the BRs, Section 7.1.2.7.6, the Subject Key Identifier extension is NOT RECOMMENDED for end-entity Subscriber certificates.
This is because the SKID is mostly useful for path-building. It's important for it to exist in issuer certificates, so that it can be matched to the AKID of certs that they issue. But no one is building a path up to an end-entity certificate, so in those the SKID is simply consuming bytes with no real purpose.
The text was updated successfully, but these errors were encountered: