Key Usage and Extended Key Usage certificate extension values should be required in client authentication

Indunil Rathnayake
Hi all,

Does anyone know which Key Usage and Extended Key Usage purposes we should validate in client authentication?

As per the specification in [1]:

  • "Extended Key Usage" is not necessary and which is configured in addition to or in place of the basic purposes indicated in the key usage extension.
  • "clientAuth" which can be configure as "Extended Key Usage", and Key usage bits that may be consistent for that is "digitalSignature" and/or "keyAgreement"

But when validating, what are the key usage purposes that should be allowed and disallowed for client authentication?

[1] https://tools.ietf.org/html/rfc5280#section-4.2.1.12


Thanks and Regards

--

Indunil Rathnayake 

Faculty of Information Technology

University of Moratuwa.

Email : [hidden email] | Skype: indu.upeksha | Mobile : (+94)713695179  | Twitter @indunilUR |

LinkedIn: http://lk.linkedin.com/in/indunil |  Facebook : https://www.facebook.com/indunilrathnayake80 
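The check the question asks about, written out as an added example that is not code from this thread or from OpenSSL: both extensions are evaluated independently and a certificate is only usable for client authentication if both agree (RFC 5280 section 4.2.1.12). The `CertUsage` model, the `check_client_auth` function and the `allow_any_eku` / `require_eku` policy knobs are this example's own constructs; the `usage_from_pem` adapter assumes the third-party `cryptography` package is installed, which the policy check itself does not need.

```python
"""Decide whether a certificate's keyUsage / extendedKeyUsage permit TLS client
authentication, following RFC 5280 sections 4.2.1.3 and 4.2.1.12.

Added example; not code from the openssl-users thread or from OpenSSL.
CertUsage and check_client_auth are this example's own constructs; the PEM
adapter assumes the third-party `cryptography` package (an assumption).
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Extended key usage OIDs (RFC 5280 4.2.1.12)
EKU_ANY = "2.5.29.37.0"                 # anyExtendedKeyUsage
EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth
EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth

# keyUsage bit names (RFC 5280 4.2.1.3)
KU_BITS = frozenset({
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
})
# Bits RFC 5280 lists as consistent with id-kp-clientAuth
CLIENT_AUTH_KU = frozenset({"digitalSignature", "keyAgreement"})


@dataclass(frozen=True)
class CertUsage:
    """The two extensions as parsed from a certificate; None means 'absent'."""
    key_usage: Optional[FrozenSet[str]]
    ext_key_usage: Optional[FrozenSet[str]]


def check_client_auth(u: CertUsage, *, allow_any_eku: bool = False,
                      require_eku: bool = False) -> List[str]:
    """Return the reasons the certificate must NOT be used for client auth.

    An empty list means acceptable. Both extensions are evaluated on their
    own and both must permit the use (RFC 5280 4.2.1.12).
    """
    problems: List[str] = []

    if u.key_usage is not None:
        unknown = u.key_usage - KU_BITS
        if unknown:
            problems.append("unknown keyUsage bits: " + ", ".join(sorted(unknown)))
        # A client proves key possession by signing (CertificateVerify) or,
        # with a static (EC)DH key, by key agreement; nothing else authenticates
        # the peer, so at least one of those two bits is required.
        if not (u.key_usage & CLIENT_AUTH_KU):
            problems.append("keyUsage present without digitalSignature or keyAgreement")
        # encipherOnly/decipherOnly are only defined alongside keyAgreement
        if (u.key_usage & {"encipherOnly", "decipherOnly"}) and "keyAgreement" not in u.key_usage:
            problems.append("encipherOnly/decipherOnly asserted without keyAgreement")

    if u.ext_key_usage is None:
        # An absent EKU imposes no restriction; local policy may still demand one.
        if require_eku:
            problems.append("extendedKeyUsage absent but policy requires id-kp-clientAuth")
    elif EKU_CLIENT_AUTH not in u.ext_key_usage:
        # RFC 5280 lets an application that expects a specific purpose reject
        # anyExtendedKeyUsage; treat it as insufficient unless opted in.
        if not (allow_any_eku and EKU_ANY in u.ext_key_usage):
            problems.append("extendedKeyUsage present without id-kp-clientAuth")

    return problems


def usage_from_pem(pem: bytes) -> CertUsage:
    """Adapter for real certificates via `cryptography` (assumed installed)."""
    from cryptography import x509  # assumption: third-party dependency

    cert = x509.load_pem_x509_certificate(pem)
    ku = eku = None
    try:
        k = cert.extensions.get_extension_for_class(x509.KeyUsage).value
        names = {"digitalSignature": k.digital_signature, "nonRepudiation": k.content_commitment,
                 "keyEncipherment": k.key_encipherment, "dataEncipherment": k.data_encipherment,
                 "keyAgreement": k.key_agreement, "keyCertSign": k.key_cert_sign, "cRLSign": k.crl_sign}
        if k.key_agreement:  # encipher_only/decipher_only raise unless keyAgreement is set
            names["encipherOnly"] = k.encipher_only
            names["decipherOnly"] = k.decipher_only
        ku = frozenset(n for n, v in names.items() if v)
    except x509.ExtensionNotFound:
        pass
    try:
        e = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        eku = frozenset(oid.dotted_string for oid in e)
    except x509.ExtensionNotFound:
        pass
    return CertUsage(ku, eku)


if __name__ == "__main__":
    # Constructed inputs: a typical client leaf and a server-only leaf.
    client_leaf = CertUsage(frozenset({"digitalSignature", "keyEncipherment"}), frozenset({EKU_CLIENT_AUTH}))
    server_leaf = CertUsage(frozenset({"digitalSignature"}), frozenset({EKU_SERVER_AUTH}))
    print("client leaf:", check_client_auth(client_leaf) or "OK")
    print("server leaf:", check_client_auth(server_leaf) or "OK")
```

With the OpenSSL command line the same two extensions can be inspected with `openssl x509 -in client.pem -noout -ext keyUsage,extendedKeyUsage`, and `openssl verify -purpose sslclient -CAfile ca.pem client.pem` applies OpenSSL's own sslclient purpose check, which likewise rejects a leaf whose keyUsage lacks both digitalSignature and keyAgreement or whose extendedKeyUsage omits clientAuth.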


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users