[Top] [All Lists]

RE: Extended Key Usage extension and S/MIME

2003-02-19 18:12:53

-----Original Message-----
From: Trevor Freeman [mailto:trevorf(_at_)windows(_dot_)microsoft(_dot_)com] 
Sent: Wednesday, February 19, 2003 4:45 PM
To: Blake Ramsdell; ietf-smime(_at_)imc(_dot_)org
Subject: RE: Extended Key Usage extension and S/MIME

RFC3280 requires a client who understands an extension to 
implement its
contents regardless of the criticality flag. The critical flag tells a
client who don't understand that extension if it they can use the cert
or not. 

This is consistent with Jim's comment also, and I agree that I was
misinterpreting the field.

If the extended key usage extension is present and the client 
the extension, and it does not contain at least one of the
anyExtendedKeyUsage or the emailProtection key purpose Ids, then the
certificate is not considered suitable for verifying signatures or key
management.  Otherwise,
continue with normal certificate processing.

OK, I'm proceeding with this.  Any controversy around the
"anyExtendedKeyUsage" purpose?


<Prev in Thread] Current Thread [Next in Thread>