draft-ietf-pkix-rfc3770bis-01: key usage extension
Russ Housley <housley@vigilsec.com> Thu, 14 April 2005 15:38 UTC
Date: Thu, 14 Apr 2005 10:01:08 -0400
To: Peter Sylvester <Peter.Sylvester@edelweb.fr>
From: Russ Housley <housley@vigilsec.com>
Subject: draft-ietf-pkix-rfc3770bis-01: key usage extension
Cc: ietf-pkix@imc.org
In-Reply-To: <200504140849.j3E8nim01640@chandon.edelweb.fr>
References: <200504140849.j3E8nim01640@chandon.edelweb.fr>
Note: I am starting a separate thread for each of the unresolved issues. I hope this draws more people into the discussion.

Peter:

> > >2 ***
> > >
> > >   If a certificate contains a key usage extension, the KeyUsage bits
> > >   that are needed depends on the EAP method that is employed; however,
> > >   the keyCertSign bit and the cRLSign MUST NOT be associated with EAP
> > >   method end entity certificates.
> > >
> > >This means that you cannot have a certificate WITHOUT keyUsage?
> > >Or, in case of a certificate without keyUsage, you could use it
> > >for CrlSigning?
> >
> > No. The paragraph only talks about the key usage extension in support of
> > EAP methods. The question you are asking is beyond the scope of the
> > paragraph and the whole document.
> >
>
>oops, I made a mistake. I wanted to ask "could you use a certificate
>that has no keyUsage for EAP methods?"

Yes. In this case, the certificate is not providing any constraints on the key usage.

Russ
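The rule discussed in this message, sketched as a relying-party check. This is an added example, not part of the original message or the draft: the function names are hypothetical, the input is assumed to be the DER-encoded KeyUsage BIT STRING taken from the extension value (or None when the extension is absent), and the sample byte strings are constructed.

```python
# KeyUsage named bits in X.509 order; bit 0 is the most significant bit
# of the first content octet of the BIT STRING.
KEY_USAGE_BITS = ("digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly")
FORBIDDEN_FOR_EAP_EE = {"keyCertSign", "cRLSign"}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (short-form length) into KeyUsage bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected or inconsistent length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bits count")
    names = set()
    for i in range(len(payload) * 8 - unused):
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit %d is not a defined KeyUsage bit" % i)
            names.add(KEY_USAGE_BITS[i])
    return names


def eap_ee_key_usage_check(der):
    """Return (acceptable, offending_bits) for an EAP end entity certificate.

    der is None when the certificate carries no keyUsage extension; in that
    case the certificate places no constraint on key usage and is accepted.
    Which bits a given EAP method additionally needs is method-specific and
    is not checked here.
    """
    if der is None:
        return True, set()
    offending = decode_key_usage(der) & FORBIDDEN_FOR_EAP_EE
    return not offending, offending


if __name__ == "__main__":
    samples = {                      # constructed sample values
        "no keyUsage extension": None,
        "digitalSignature+keyEncipherment": bytes.fromhex("030205a0"),
        "keyCertSign+cRLSign": bytes.fromhex("03020106"),
    }
    for label, value in samples.items():
        print(label, eap_ee_key_usage_check(value))
```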