nActual
definitions of flag usage are vague:
nX.509:
Non-critical extension “is an advisory field and does not imply that usage of
the key is restricted to the purpose indicated”
nPKIX:
“CA’s are required to support constrain extensions” but “support” is never
defined.
nS/MIME:
Implementations should “correctly handle” certain extensions
nVerisign:
“All persons shall process the extension...or else ignore the extension”