
Interaction of extendedKeyUsage and keyUsage



Hypotheses:
    1 if no KU extension is present, the cert can be used for "anything"
    2 if KU is present, the cert can only be used as specified by the bits
    3 if a particular OID appears in the EKU, the cert can be used as
      specified by that OID.
    4 if the OID does not appear -- or if the EKU is empty -- the cert
      cannot be used
Are those correct?
If so, what happens when #3 meets #1?  E.g., suppose a certificate has
id-kp-OCSPSigning in its EKU as specified by RFC2560. Must it have KU with
digitalSignature, as indicated by RFC2459?
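Added example, not part of the thread: a small checker that models the four hypotheses above and then combines them the way RFC 5280 section 4.2.1.12 (the successor to RFC 2459) prescribes, namely that keyUsage and extendedKeyUsage are evaluated independently and the certificate may only be used for a purpose consistent with both. It takes keyUsage as the raw DER BIT STRING so the unused-bits byte and MSB-first bit order are handled; the EKU is assumed already decoded to dotted OIDs, anyExtendedKeyUsage is treated as a wildcard, and the purpose table and sample values are constructed for the OCSP-signing case in the question.

```python
# Added example (not from the thread). Models KU/EKU interaction per RFC 5280
# s4.2.1.12: both extensions are processed independently and a cert may only be
# used for a purpose consistent with both.

KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]
ANY_EKU = "2.5.29.37.0"             # anyExtendedKeyUsage
OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning (RFC 2560)

# Constructed purpose table: purpose -> (required KU bits, required EKU OID).
PURPOSES = {"ocsp-signing": ({"digitalSignature"}, OCSP_SIGNING)}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING such as b'\\x03\\x02\\x07\\x80' into KU names.
    Bit 0 (digitalSignature) is the most significant bit of the first byte."""
    if der[0] != 0x03 or len(der) != 2 + der[1]:
        raise ValueError("not a well-formed BIT STRING")
    unused, body = der[2], der[3:]
    names = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KU_BITS[i])
    return names


def ku_permits(ku_der, required: set) -> bool:
    # Hypotheses 1/2: absent KU restricts nothing; present KU must set every bit.
    return ku_der is None or required <= decode_key_usage(ku_der)


def eku_permits(eku_oids, oid: str) -> bool:
    # Hypotheses 3/4: absent EKU restricts nothing; present EKU must list the
    # purpose OID (anyExtendedKeyUsage treated as a wildcard, an assumption).
    return eku_oids is None or oid in eku_oids or ANY_EKU in eku_oids


def permitted(ku_der, eku_oids, purpose: str) -> bool:
    """True only if KU and EKU, checked independently, both allow `purpose`."""
    bits, oid = PURPOSES[purpose]
    return ku_permits(ku_der, bits) and eku_permits(eku_oids, oid)


# Constructed sample values for the scenario in the question.
KU_DIGSIG = b"\x03\x02\x07\x80"   # digitalSignature only (7 unused bits)
KU_KEYENC = b"\x03\x02\x05\x20"   # keyEncipherment only (5 unused bits)
EKU_OCSP = [OCSP_SIGNING]

if __name__ == "__main__":
    print(permitted(KU_DIGSIG, EKU_OCSP, "ocsp-signing"))  # True
    print(permitted(KU_KEYENC, EKU_OCSP, "ocsp-signing"))  # False: EKU ok, KU not
    print(permitted(None, EKU_OCSP, "ocsp-signing"))       # True: no KU, EKU decides
```

The second case is the "#3 meets #2" outcome: the EKU alone does not rescue a certificate whose keyUsage omits digitalSignature, because each extension is checked on its own.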