Key Usage and Extended Key Usage certificate extension values should be required in client authentication

Hi all,

Does anyone know, in client authentication, which Key Usage and Extended Key Usage purposes we should validate?

As per the specification in [1]:

  • "Extended Key Usage" is not necessary, and is configured in addition to or in place of the basic purposes indicated in the key usage extension.
  • "clientAuth" can be configured as an "Extended Key Usage", and the key usage bits that may be consistent with it are "digitalSignature" and/or "keyAgreement".

But when validating, what are the key usage purposes that should be allowed and disallowed for client authentication?

[1] https://tools.ietf.org/html/rfc5280#section-4.2.1.12


Thanks and Regards

--

Indunil Rathnayake 

Faculty of Information Technology

University of Moratuwa.

Email : indunil.uom@xxxxxxxxx | Skype: indu.upeksha | Mobile : (+94)713695179  | Twitter @indunilUR |

LinkedIn: http://lk.linkedin.com/in/indunil |  Facebook : https://www.facebook.com/indunilrathnayake80 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
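
The consistency rule quoted from RFC 5280 section 4.2.1.12 in the message above, written as a check over already-parsed extension values. This is an added example, not part of the original post and not OpenSSL's code. The function name, the `accept_any_eku` switch, the sample certificates, and the rule that an absent extension imposes no restriction are assumptions made for illustration.

```python
# Added example (not from the original post): client-auth purpose check
# following RFC 5280 section 4.2.1.12. Inputs are already-parsed extension
# values; None means the extension is absent from the certificate.

CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # id-kp-clientAuth
ANY_EKU = "2.5.29.37.0"            # anyExtendedKeyUsage
# Key usage bits the RFC lists as consistent with clientAuth.
CLIENT_AUTH_KU = {"digitalSignature", "keyAgreement"}


def check_client_auth(key_usage, ext_key_usage, accept_any_eku=False):
    """Return (ok, reason) for using a certificate as a TLS client cert.

    Assumption: an absent extension places no restriction on use.
    KU and EKU are processed independently; both must permit the purpose.
    """
    if ext_key_usage is not None:
        ekus = set(ext_key_usage)
        any_ok = accept_any_eku and ANY_EKU in ekus
        if CLIENT_AUTH not in ekus and not any_ok:
            return False, "EKU present but does not list clientAuth"
    if key_usage is not None and not set(key_usage) & CLIENT_AUTH_KU:
        return False, "KU present without digitalSignature or keyAgreement"
    return True, "consistent with client authentication"


# Constructed sample certificates: name -> (key usage, extended key usage)
SAMPLES = {
    "client, KU+EKU": (["digitalSignature"], [CLIENT_AUTH]),
    "no extensions": (None, None),
    "server-only EKU": (["digitalSignature"], ["1.3.6.1.5.5.7.3.1"]),
    "encipherment-only KU": (["keyEncipherment"], [CLIENT_AUTH]),
    "CA signing cert": (["keyCertSign", "cRLSign"], None),
    "anyExtendedKeyUsage": (["keyAgreement"], [ANY_EKU]),
}

if __name__ == "__main__":
    for name, (ku, eku) in SAMPLES.items():
        ok, reason = check_client_auth(ku, eku)
        print(f"{name:22} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Extra key usage bits alongside digitalSignature or keyAgreement do not cause a rejection here; a stricter local policy would add its own deny list.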
