On 3/27/13 10:11 PM, "Martin Rex" <mrex(_at_)sap(_dot_)com> wrote:
It was the Security co-AD Russ Housley who indicated _early_ during
the discussion of that draft (2.5 years after it had been adopted
as a WG item) that he considered some of the suggested abuses of
existing error codes "unacceptable"
For the record. Russ comment was:
"I find the use of "unauthorized" to indicate that a client cannot make a
multi-certificate request unacceptable."
Which is completely different from your raised concern.
/Stefan