Extensions Informing A Specific Usage of A Certificate

RFC 5280 (and its predecessors) defines a number of certificate extensions which indicate how the certificate should be used. Most of them are arcs from the joint-iso-ccitt(2) ds(5) id-ce(29) OID. Some of the most common, defined in section 4.2.1, are:

  • Basic Constraints, { id-ce 19 }, is used to indicate whether the certificate belongs to a CA (and, optionally, how long a chain of CAs may hang below it).
  • Key Usage, { id-ce 15 }, provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key may be used for digital signatures but not for key encipherment.
  • Extended Key Usage, { id-ce 37 }, is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate. It contains a list of OIDs, each of which indicates an allowed use. For example, { id-pkix 3 1 } (id-kp-serverAuth) indicates that the key may be used on the server end of a TLS or SSL connection; { id-pkix 3 4 } (id-kp-emailProtection) indicates that the key may be used to secure email.

In general, if a certificate has several extensions restricting its use, all restrictions must be satisfied for a given use to be appropriate. RFC 5280 gives the specific example of a certificate containing both keyUsage and extendedKeyUsage: in this case, both must be processed, and the certificate can only be used for a purpose that both extensions are consistent with. NSS, for example, consults both extensions when deciding what a certificate may be used for.
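An added illustration of the rule above (example code written for this page, not taken from RFC 5280 or any library): it decodes the DER bodies of a keyUsage BIT STRING and an extendedKeyUsage SEQUENCE OF OID, then accepts a certificate for TLS server use only when the keyUsage bits are among those RFC 5280 lists as consistent with id-kp-serverAuth and the EKU list contains that OID. The DER byte strings are constructed sample values.

```python
# Added example: combine keyUsage and extendedKeyUsage as RFC 5280 requires.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]
ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"        # { id-pkix 3 1 }
ID_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"   # { id-pkix 3 4 }

def _tlv(data, pos=0):
    """Parse one DER tag/length/value with a short-form length (< 128 bytes)."""
    tag, length = data[pos], data[pos + 1]
    if length & 0x80:
        raise ValueError("long-form DER lengths are not handled here")
    end = pos + 2 + length
    return tag, data[pos + 2:end], end

def decode_key_usage(der):
    """Return the set of keyUsage bit names from a DER BIT STRING."""
    tag, body, _ = _tlv(der)
    if tag != 0x03:
        raise ValueError("keyUsage must be a BIT STRING")
    unused = body[0]                          # first byte: unused trailing bits
    total_bits = (len(body) - 1) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if body[1 + i // 8] & (0x80 >> (i % 8)):   # bit 0 is the MSB
            names.add(KEY_USAGE_BITS[i])
    return names

def _decode_oid(body):
    """Decode OID contents (first byte packs two arcs, rest are base-128)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def decode_eku(der):
    """Return the list of dotted OIDs from a DER extendedKeyUsage SEQUENCE."""
    tag, body, _ = _tlv(der)
    if tag != 0x30:
        raise ValueError("extendedKeyUsage must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        t, obody, pos = _tlv(body, pos)
        if t != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        oids.append(_decode_oid(obody))
    return oids

def usable_for_tls_server(key_usage_der, eku_der):
    """Both extensions must permit the use (RFC 5280 section 4.2.1.12)."""
    ku, eku = decode_key_usage(key_usage_der), decode_eku(eku_der)
    ku_ok = bool(ku & {"digitalSignature", "keyEncipherment", "keyAgreement"})
    return ku_ok and ID_KP_SERVER_AUTH in eku

# Constructed sample DER values (not from any real certificate).
KU_SERVER = bytes.fromhex("030205a0")    # digitalSignature, keyEncipherment
KU_CA_ONLY = bytes.fromhex("03020106")   # keyCertSign, cRLSign
EKU_SERVER = bytes.fromhex("301406082b0601050507030106082b06010505070302")
EKU_EMAIL = bytes.fromhex("300a06082b06010505070304")
```

A CA-only keyUsage paired with a serverAuth EKU, or a server keyUsage paired with an email-only EKU, is rejected; only the pair that agrees passes.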
