-----Original Message-----
From: Trevor Freeman [mailto:trevorf(_at_)windows(_dot_)microsoft(_dot_)com]
Sent: Wednesday, February 19, 2003 4:45 PM
To: Blake Ramsdell; ietf-smime(_at_)imc(_dot_)org
Subject: RE: Extended Key Usage extension and S/MIME
RFC3280 requires a client who understands an extension to
implement its
contents regardless of the criticality flag. The critical flag tells a
client who don't understand that extension if it they can use the cert
or not.
This is consistent with Jim's comment also, and I agree that I was
misinterpreting the field.
If the extended key usage extension is present and the client
implements
the extension, and it does not contain at least one of the
anyExtendedKeyUsage or the emailProtection key purpose Ids, then the
certificate is not considered suitable for verifying signatures or key
management. Otherwise,
continue with normal certificate processing.
OK, I'm proceeding with this. Any controversy around the
"anyExtendedKeyUsage" purpose?
Blake