Suresh Krishnan wrote:
Hi Sean,
I will make the changes to the IANA considerations section like you
suggested. I think it adds clarity about the required assignment.
On 10-05-01 06:56 AM, Sean Turner wrote:
Suresh,
4.c) Was there discussion about support for the anyExtendedKeyUsage
OID from 4.2.1.12 of RFC 5280?
No. I am not sure it would be useful as the SEND implementations
really need to know the EKU to work properly. The packet processing
is based on the value of the EKU.
Hmmm if you're not going to support it, then you might want to put
some text in about it not being allowed. 5280 allows applications to
reject certificates that include this extension.
OK. I will add the following text at the end of Section 7
"Certificate-using applications MUST reject certificates that do not
contain one of the three KeyPurposeIds defined above even if they
include the anyExtendedKeyUsage OID defined in [RFC5280]."
Does this work?
That would work for me.
spt
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf