ietf-smime

RE: Extended Key Usage extension and S/MIME

2003-02-19 17:34:10

Blake,

I disagree with the non-critical interpretation.  I believe that it
SHOULD be respected even if the extension is not marked critical.

jim

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Blake Ramsdell
Sent: Wednesday, February 19, 2003 3:45 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Extended Key Usage extension and S/MIME



I received a request to include language regarding the extended key
usage certificate extension in the next version of the CERT draft.

It seems that the language is basically:

If the extended key usage extension is present and marked critical, and
it does not contain at least one of the anyExtendedKeyUsage or the
emailProtection key purpose Ids, then the certificate is not considered
suitable for verifying signatures or key management.  Otherwise,
continue with normal certificate processing.

So the point is that if:

1. The extension is present and not marked critical, and doesn't contain
emailProtection or anyExtendedKeyUsage, no one cares because it isn't
critical, and processing continues

2. The extension is present and marked critical and doesn't contain
emailProtection or anyExtendedKeyUsage, it's rejected

3. If it's not present, then processing continues

Anyone have any understanding of the current use of this extension, so
that we might have some assurance that this is the right way to move
forward, or is that outside the scope of this?

Blake
--
Blake Ramsdell | Brute Squad Labs | http://www.brutesquadlabs.com 
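
The three cases above, worked through as an added example that is not part of either message or of the CERT draft: a small DER reader pulls the criticality flag and key purpose OIDs out of an extKeyUsage extension, and the hypothetical `honor_non_critical` switch contrasts the proposed language (default) with the reply's position that the extension should be respected even when not critical. All function names and the sample bytes are constructed for illustration.

```python
# Added example. Constructed DER Extensions (extnID 2.5.29.37):
# serverAuth only (non-critical, critical) and emailProtection (critical).
SERVER_NONCRIT = bytes.fromhex("30130603551d25040c300a06082b06010505070301")
SERVER_CRIT = bytes.fromhex("30160603551d250101ff040c300a06082b06010505070301")
EMAIL_CRIT = bytes.fromhex("30160603551d250101ff040c300a06082b06010505070304")
ACCEPTABLE = {"2.5.29.37.0", "1.3.6.1.5.5.7.3.4"}  # anyExtendedKeyUsage, emailProtection

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets -> dotted-decimal string
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_eku(ext_der):
    """Parse Extension ::= SEQUENCE {extnID, critical DEFAULT FALSE, extnValue}."""
    _, seq, _ = read_tlv(ext_der, 0)
    _, oid, pos = read_tlv(seq, 0)
    if decode_oid(oid) != "2.5.29.37":                 # id-ce-extKeyUsage
        raise ValueError("not an extKeyUsage extension")
    tag, val, pos = read_tlv(seq, pos)
    critical = tag == 0x01 and val != b"\x00"          # optional BOOLEAN
    if tag == 0x01:
        _, val, pos = read_tlv(seq, pos)               # extnValue OCTET STRING
    _, purposes, _ = read_tlv(val, 0)                  # SEQUENCE OF KeyPurposeId
    oids, p = set(), 0
    while p < len(purposes):
        _, o, p = read_tlv(purposes, p)
        oids.add(decode_oid(o))
    return critical, oids

def suitable_for_smime(ext_der, honor_non_critical=False):
    """ext_der is None when the certificate carries no EKU extension."""
    if ext_der is None:
        return True                                    # case 3: absent
    critical, oids = parse_eku(ext_der)
    return bool(oids & ACCEPTABLE) or not (critical or honor_non_critical)
```

The two readings differ only for case 1: `suitable_for_smime(SERVER_NONCRIT)` accepts the certificate, while `suitable_for_smime(SERVER_NONCRIT, honor_non_critical=True)` rejects it.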


