nThe
“critical flag” on an extension is used to protect the issuing CA from assumptions made by software
that doesn’t understand (implement support for) a particular extension
nIf
the flag is set, relying parties must process the extension if
they recognize it, or reject the certificate
nIf
the flag is not set, the extension may be ignored