The other problem is that it does not address the four corners issue.
The reason certificate policies were largely abandoned as a means of
specifying the criteria for issuing a certificate was that they
might not be binding in court. As Michael Baum points out, a court
might decide that they are not even admissible. Courts are likely
to decide to restrict their debate to the 'four corners' of the
document in dispute.
As Warwick Ford just pointed out to me. The 'certificate policies'
I am referring to here are the old style PEM/RFC 1442 scheme of
Policy Certificates. This is not the same as X.509v3 Certificate
Policies which *are* a good idea but unfortunately happen to have
a confusingly similar name :-(
Phill
smime.p7s
Description: S/MIME Cryptographic Signature