Reports have been coming in that in the grid world, there are two pre-rfc3820
forms of proxy certs still being used.
Old (pre-draft) format: Looks like a regular EE cert, but has been issued by
another EE (real or proxy), and can be recognised by having the issuer name as
subject name with an extra CN appended, either 'CN=proxy' or 'CN=limited proxy'
draft format: looks like a RFC3820 proxy cert, but uses OID
126.96.36.199.4.1.3536.1.222 instead of the RFC3820 OID for proxyCertInfo.
Cc to Mattias and Mischa, who have provided valuable info on this issue in
RT4602. Guys, I hope it was ok to add you. If not, please tell me and I'll take
you off this ticket.