My questions are about PKI. I have been trying to set up a PKI and now have one set up in a lab. At that time, I did not use a CAPolicy.inf file and everything seems OK. I just registered and received my PEN number from IANA, and it looks like I am supposed to put this in the policy file before setting up my subordinate CA. That is fine, as I plan to rebuild one more time in the lab. It looks like I am supposed to enter the PEN/OID number in the form of 1.3.6.1.4.1.MY PEN, then an object identifier for the cert template I want to use. For example, if I used 1.3.6.1.4.1.MY PEN.2.5.29.32.0, it would cover ALL cert templates and I'd only need the one policy? Since my PKI seems to work without even building a custom CAPolicy.inf, I'm not sure why one would benefit me. It seems like it would be less administrative overhead to not even have it. Also, if I DO need to use my PEN/OID, should I make a policy for any cert template I think I may need in the future?
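
For reference, a CAPolicy.inf of the kind the question describes, as an added example that is not part of the original post. The PEN 32473 is the number reserved for documentation by RFC 5612 and stands in for the poster's own; the `.1.1` sub-arc, the section name `InternalPolicy`, the notice text and the URL are hypothetical.

```ini
; Place in %SystemRoot%\CAPolicy.inf on the subordinate CA *before*
; installing the AD CS role; it is read at CA install and at CA cert renewal.
[Version]
Signature="$Windows NT$"

; Certificate Policies extension written into the CA's own certificate.
[PolicyStatementExtension]
Policies=InternalPolicy

[InternalPolicy]
; An organisation-owned policy OID: the IANA private enterprise arc
; 1.3.6.1.4.1, then the PEN, then sub-arcs the organisation assigns itself.
; 32473 is the documentation PEN (placeholder); .1.1 is a hypothetical sub-arc.
OID=1.3.6.1.4.1.32473.1.1
Notice="Constructed example notice: see the CPS at the URL below."
URL=http://pki.example.com/cps.html

; 2.5.29.32.0 is the standard anyPolicy OID from RFC 5280. It is a complete
; OID in its own right and is not appended to the enterprise arc. To assert
; it instead, define a policy section whose only OID line is:
;   OID=2.5.29.32.0

[Certsrv_Server]
; Keep the new CA from publishing the default certificate templates,
; so only templates added deliberately are issued.
LoadDefaultTemplates=0
```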