
Re: Last Call: draft-ietf-csi-send-cert (Certificate profile and certificate management for SEND) to Proposed Standard

2010-05-02 21:48:46
Hi Sean,
I will make the changes to the IANA considerations section like you suggested. I think it adds clarity about the required assignment.

On 10-05-01 06:56 AM, Sean Turner wrote:
Suresh,
4.c) Was there discussion about support for the anyExtendedKeyUsage OID from 4.2.1.12 of RFC 5280?
No. I am not sure it would be useful as the SEND implementations really need to know the EKU to work properly. The packet processing is based on the value of the EKU.

Hmmm if you're not going to support it, then you might want to put some text in about it not being allowed. 5280 allows applications to reject certificates that include this extension.

OK. I will add the following text at the end of Section 7:

"Certificate-using applications MUST reject certificates that do not contain one of the three KeyPurposeIds defined above even if they include the anyExtendedKeyUsage OID defined in [RFC5280]."

Does this work?

Thanks
Suresh
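The rule in the proposed Section 7 text, as an added example that is not part of the original message or the draft: a minimal DER reader for the extended key usage extension value that returns only the SEND purposes it finds, so a certificate carrying anyExtendedKeyUsage without a SEND KeyPurposeId yields nothing to process and is rejected. The function names are hypothetical, the sample byte strings are constructed, and the three OID values are an assumption taken from the IANA id-kp registry, since the message does not list them.

```python
# Assumption: id-kp values from the IANA SMI registry; this page does not list them.
SEND_EKUS = {"1.3.6.1.5.5.7.3.23": "id-kp-sendRouter",
             "1.3.6.1.5.5.7.3.24": "id-kp-sendProxiedRouter",
             "1.3.6.1.5.5.7.3.25": "id-kp-sendOwner"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode base-128 OID content octets into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    top = min(arcs[0] // 40, 2)  # first octet group packs the two leading arcs
    return ".".join(map(str, [top, arcs[0] - 40 * top] + arcs[1:]))

def send_purposes(eku_der):
    """Names of the SEND KeyPurposeIds in a DER ExtKeyUsageSyntax; [] means reject."""
    try:
        tag, seq, end = read_tlv(eku_der, 0)
        if tag != 0x30 or end != len(eku_der):
            raise ValueError("expected one SEQUENCE")
        oids, pos = [], 0
        while pos < len(seq):
            tag, body, pos = read_tlv(seq, pos)
            if tag != 0x06:
                raise ValueError("expected OID")
            oids.append(decode_oid(body))
    except ValueError:
        return []  # malformed extension: nothing to dispatch on, so reject
    # anyExtendedKeyUsage (2.5.29.37.0) is ignored: it never stands in for a SEND EKU
    return [SEND_EKUS[o] for o in oids if o in SEND_EKUS]

# Constructed sample extension values (not taken from real certificates)
ANY_ONLY = bytes.fromhex("3006" "0604551d2500")
SERVER_AUTH_AND_ANY = bytes.fromhex("3010" "06082b06010505070301" "0604551d2500")
ROUTER_AND_ANY = bytes.fromhex("3010" "06082b06010505070317" "0604551d2500")
```

Returning the matched purposes rather than a boolean reflects the point made in the thread that SEND packet processing depends on which EKU is present.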
