<div dir="ltr"><div>Hi all,<br><br><div class="gmail-post-text">Anyone knows in client authentication, what are the Key Usage and Extended Key Usage purposes we should validate?
<p>As per the specification in [1]:</p>
<ul>
<li>"Extended Key Usage" is not necessary and which is configured in
addition to or in place of the basic purposes indicated in the key usage
extension.</li>
<li>"clientAuth" which can be configure as "Extended Key Usage", and Key
usage bits that may be consistent for that is "digitalSignature" and/or
"keyAgreement"</li>
</ul>
<p>But when validating, what are the key usage purposes that should be allowed and disallowed for client authentication?</p>
<p>[1] <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.12" rel="nofollow noreferrer">https://tools.ietf.org/html/rfc5280#section-4.2.1.12</a></p>
</div><br></div>Thanks and Regards<br clear="all"><div><div><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p style="font-family:arial;font-size:small;margin:6pt 0in 0.0001pt;background-image:initial;background-repeat:initial"><b><span style="font-size:10pt;font-family:Arial,sans-serif">Indunil Rathnayake </span></b><span style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="font-family:arial;font-size:small;margin:0in 0in 0.0001pt"><b><span style="font-size:10pt;font-family:Arial,sans-serif">Faculty of Information Technology</span></b><span style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="font-family:arial;font-size:small;margin:0in 0in 0.0001pt"><b><span style="font-size:10pt;font-family:Arial,sans-serif">University of Moratuwa.</span></b><span style="font-size:10pt;font-family:Arial,sans-serif"></span></p><p style="font-family:arial;font-size:small;margin:0in 0in 0.0001pt;background-image:initial;background-repeat:initial"><span style="font-size:10pt;font-family:Arial,sans-serif" lang="DA">Email : <u><a href="mailto:indunil.uom@gmail.com" style="color:rgb(17,85,204)" target="_blank">indunil.uom@gmail.com</a></u> | Skype: </span><span style="font-size:10pt;font-family:Arial,sans-serif">indu.upeksha | </span><span style="font-size:10pt;font-family:Arial,sans-serif" lang="DA">Mobile : </span><span style="font-size:10pt;font-family:Arial,sans-serif" lang="DA">(+94)713695179 | </span><span style="font-size:10pt;font-family:Arial,sans-serif">Twitter @indunilUR |</span></p><p style="font-family:arial;font-size:small;margin:0in 0in 0.0001pt;background-image:initial;background-repeat:initial"><span style="font-size:10pt;font-family:Arial,sans-serif" lang="DA">LinkedIn:<b> </b><a href="http://www.google.com/url?q=http%3A%2F%2Flk.linkedin.com%2Fin%2Findunil&sa=D&sntz=1&usg=AFQjCNEmFm8EqJj46HTiFXEXdDLn3kJ79A" style="color:rgb(17,85,204)" target="_blank">http://lk.linkedin.com/in/indunil</a> | Facebook : <a href="https://www.facebook.com/indunilrathnayake80" style="color:rgb(17,85,204)" target="_blank">https://www.facebook.com/indunilrathnayake80</a> </span></p></div></div>
</div></div></div>