RE: Extended Key Usage extension and S/MIME
I disagree with the non-critical interpretation. I believe that it
SHOULD be respected even if the extension is not marked critical.
> -----Original Message-----
> From: owner-ietf-smime@xxxxxxxxxxxx
> [mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of Blake Ramsdell
> Sent: Wednesday, February 19, 2003 3:45 PM
> To: ietf-smime@xxxxxxx
> Subject: Extended Key Usage extension and S/MIME
> I received a request to include language regarding the extended key
> usage certificate extension in the next version of the CERT draft.
> It seems that the language is basically:
> If the extended key usage extension is present and marked critical, and
> it does not contain at least one of the anyExtendedKeyUsage or the
> emailProtection key purpose Ids, then the certificate is not
> suitable for verifying signatures or key management. Otherwise,
> continue with normal certificate processing.
> So the point is that if:
> 1. The extension is present and not marked critical, and doesn't contain
> emailProtection or anyExtendedKeyUsage, no one cares because it isn't
> critical, and processing continues
> 2. The extension is present and marked critical and doesn't contain
> emailProtection or anyExtendedKeyUsage, it's rejected
> 3. If it's not present, then processing continues
> Anyone have any understanding of the current use of this extension, so
> that we might have some assurance that this is the right way to move
> forward, or is that outside the scope of this?
> Blake Ramsdell | Brute Squad Labs | http://www.brutesquadlabs.com
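
Added example, not part of either message above: a small Python model that runs the quoted draft rule and the stricter reading argued in the reply over the three numbered cases, showing where the two differ. The `EKU` class, the function names and the sample cases are constructed for illustration; the extension is assumed to be already parsed from the certificate.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection
ANY_EKU = "2.5.29.37.0"                 # anyExtendedKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"       # id-kp-serverAuth (a non-mail purpose)
ACCEPTED = frozenset({EMAIL_PROTECTION, ANY_EKU})

@dataclass(frozen=True)
class EKU:
    """Hypothetical parsed Extended Key Usage extension."""
    critical: bool
    purposes: FrozenSet[str]

def draft_rule(eku: Optional[EKU]) -> bool:
    """Quoted draft language: only a critical EKU can make the cert unsuitable."""
    if eku is None or not eku.critical:
        return True
    return bool(eku.purposes & ACCEPTED)

def strict_rule(eku: Optional[EKU]) -> bool:
    """Reply's position: honor the EKU whether or not it is marked critical."""
    if eku is None:
        return True
    return bool(eku.purposes & ACCEPTED)

# Constructed cases; 1-3 mirror the numbered list in the quoted message.
CASES = {
    "1: non-critical, serverAuth only": EKU(False, frozenset({SERVER_AUTH})),
    "2: critical, serverAuth only": EKU(True, frozenset({SERVER_AUTH})),
    "3: extension absent": None,
    "4: critical, emailProtection": EKU(True, frozenset({EMAIL_PROTECTION})),
    "5: non-critical, anyExtendedKeyUsage": EKU(False, frozenset({ANY_EKU})),
}

def divergent_cases():
    """Names of the cases where the two interpretations disagree."""
    return sorted(n for n, e in CASES.items() if draft_rule(e) != strict_rule(e))

if __name__ == "__main__":
    for name, eku in CASES.items():
        print(f"{name:40} draft={draft_rule(eku)!s:5} strict={strict_rule(eku)}")
    print("interpretations differ on:", divergent_cases())
```

The two readings disagree only on case 1: a non-critical extension that lists neither accepted purpose.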