RE: Key usage. No, wait, *extended* key usage
1998-02-13 12:53:58
John,
I agree with your suggestion to add wording like: "Prior to using the
public key included in a certificate to support S/MIME
security services, if
the extendedKeyUsage extension is present in the certificate and is
indicated as being critical, then the S/MIME software MUST
ensure that the
id-kp-emailProtection OID is present. This check is only
required for the
end-entity certificates."
The above is not the way that I had read the docs and how
extendedKeyUsage would/should be evaluated, I am curious why you think
that only the end-entity certificate should be checked? I had thought
that the entire chain should be checked even though I did not really
expect to see any extendedKeyUsage extensions once I got off the
end-entity certificate.
I can see the case occuring where a super-CA might say that this CA can
only be used for issuing certifiate with the e-mail purpose and I am not
sure this should be so explicity disabled.
jim
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Key usage. No, wait, *extended* key usage, (continued)
- Re: Key usage. No, wait, *extended* key usage, David P. Kemp
- Re: Key usage. No, wait, *extended* key usage, John Pawling
- RE: Key usage. No, wait, *extended* key usage, Blake Ramsdell
- RE: Key usage. No, wait, *extended* key usage, John Pawling
- RE: Key usage. No, wait, *extended* key usage, Blake Ramsdell
- RE: Key usage. No, wait, *extended* key usage, Blake Ramsdell
- Re: Key usage. No, wait, *extended* key usage, David P. Kemp
- RE: Key usage. No, wait, *extended* key usage, John Pawling
- RE: Key usage. No, wait, *extended* key usage,
Jim Schaad (Exchange) <=
- RE: Key usage. No, wait, *extended* key usage, John Pawling
- RE: Key usage. No, wait, *extended* key usage, Trevor Freeman
|
Previous by Date: |
Comment on ESS and Privacy Marks, Jim Schaad (Exchange) |
Next by Date: |
RE: Key usage. No, wait, *extended* key usage, John Pawling |
Previous by Thread: |
RE: Key usage. No, wait, *extended* key usage, John Pawling |
Next by Thread: |
RE: Key usage. No, wait, *extended* key usage, John Pawling |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|