Hi Sean,
I will make the changes to the IANA considerations section like you
suggested. I think it adds clarity about the required assignment.
On 10-05-01 06:56 AM, Sean Turner wrote:
Suresh,
4.c) Was there discussion about support for the anyExtendedKeyUsage
OID from 4.2.1.12 of RFC 5280?
No. I am not sure it would be useful as the SEND implementations really
need to know the EKU to work properly. The packet processing is based on
the value of the EKU.
Hmmm if you're not going to support it, then you might want to
put some text in about it not being allowed. 5280 allows
applications to reject certificates that include this extension.
OK. I will add the following text at the end of Section 7
"Certificate-using applications MUST reject certificates that do not
contain one of the three KeyPurposeIds defined above even if they
include the anyExtendedKeyUsage OID defined in [RFC5280]."
Does this work?
Thanks
Suresh
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf