[openssl-users] Key Usage and Extended Key Usage certificate extension values should be required in client authentication
Indunil Rathnayake
indunil.uom at gmail.com
Mon Feb 5 02:22:17 UTC 2018
Hi all,
Does anyone know, in client authentication, what are the Key Usage and Extended
Key Usage purposes we should validate?
As per the specification in [1]:
- "Extended Key Usage" is not necessary, and is configured in
addition to or in place of the basic purposes indicated in the key usage
extension.
- "clientAuth" can be configured as an "Extended Key Usage", and the Key
Usage bits that may be consistent with it are "digitalSignature" and/or
"keyAgreement".
But when validating, what are the key usage purposes that should be allowed
and disallowed for client authentication?
[1] https://tools.ietf.org/html/rfc5280#section-4.2.1.12
Thanks and Regards
--
*Indunil Rathnayake *
*Faculty of Information Technology*
*University of Moratuwa.*
Email : *indunil.uom at gmail.com <indunil.uom at gmail.com>* | Skype: indu.upeksha
| Mobile : (+94)713695179 | Twitter @indunilUR |
LinkedIn: http://lk.linkedin.com/in/indunil
| Facebook
: https://www.facebook.com/indunilrathnayake80
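
The consistency rule from RFC 5280 section 4.2.1.12 that the post cites, written out as an added example (not part of the original message and not OpenSSL's own code). It takes the DER-encoded values of the two extensions; all function names, constant names and sample bytes are assumptions made for this illustration.

```python
# KU/EKU check for TLS client auth (RFC 5280, 4.2.1.12); names are hypothetical.
KU_BITS = ("digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly")
CLIENT_AUTH_DER = bytes.fromhex("2b06010505070302")  # OID 1.3.6.1.5.5.7.3.2

# Constructed sample extension values (not taken from any real certificate).
KU_SIG_ENC = bytes.fromhex("030205a0")   # digitalSignature, keyEncipherment
KU_CA_ONLY = bytes.fromhex("03020106")   # keyCertSign, cRLSign
EKU_CLIENT = bytes.fromhex("300a06082b06010505070302")  # clientAuth
EKU_SERVER = bytes.fromhex("300a06082b06010505070301")  # serverAuth

def read_tlv(buf, pos):
    """Read one short-form DER TLV; return (tag, value, next_pos)."""
    hdr = buf[pos:pos + 2]
    if len(hdr) < 2 or hdr[1] & 0x80 or pos + 2 + hdr[1] > len(buf):
        raise ValueError("truncated or long-form DER (not expected here)")
    end = pos + 2 + hdr[1]
    return hdr[0], buf[pos + 2:end], end

def parse_key_usage(der):
    """Return the set of key usage names asserted in a KeyUsage BIT STRING."""
    tag, val, _ = read_tlv(der, 0)
    if tag != 0x03 or len(val) < 2:
        raise ValueError("KeyUsage must be a non-empty BIT STRING")
    bits = val[1:]  # val[0] is the unused-bit count; bit 0 is the MSB
    return {name for i, name in enumerate(KU_BITS)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))}

def parse_eku(der):
    """Return the DER-encoded OID contents listed in an ExtKeyUsage SEQUENCE."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("ExtKeyUsage must be a SEQUENCE")
    oids, pos = set(), 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x06 or not val:
            raise ValueError("ExtKeyUsage members must be OIDs")
        oids.add(val)  # DER is canonical, so raw OID bytes compare exactly
    return oids

def client_auth_allowed(ku_der=None, eku_der=None):
    """None = extension absent, which by itself restricts nothing."""
    ku_ok = ku_der is None or bool(
        parse_key_usage(ku_der) & {"digitalSignature", "keyAgreement"})
    eku_ok = eku_der is None or CLIENT_AUTH_DER in parse_eku(eku_der)
    return ku_ok and eku_ok  # when both are present, both must agree
```

A local policy that requires either extension to be present can reject the `None` cases before calling `client_auth_allowed`.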