Table of Contents
Advertisement
Standard X.509 v3 Certificate Extensions
If the extension contains a
assumed to be a pointer to the current CRL for the associated reasons and will be
issued by the associated
defined for the
reasons, the CRL must include revocations for all reasons. If the
distributionPoint
issued the certificate.
PKIX recommends that this extension be supported by CAs and applications.
CMS Version Support
Refer to "CRLDistributionPointsExt Plug-in Module" on page 164.
•
CMS 4.1: Supported
•
CMS 4.2: Supported
•
CMS 4.2-SP2: Supported
Netscape Recommendation
Netscape recommends that this extension be supported for all certificates, with the
exception of self-signed root CA certificates.
Microsoft Recommendation
Microsoft recommends that this extension be supported.
extKeyUsage
OID
2.5.29.37
Reference
http://www.ietf.org/rfc/rfc2459.txt
Criticality
If this extension is marked critical, the certificate must be used for one of the
indicated purposes only. If it is not marked critical, it is treated as an advisory field
that may be used to identify keys but does not restrict the use of the certificate to
the indicated purposes.
Discussion
The Extended Key Usage extension indicates one or more purposes for which the
certified public key may be used. These purposes may be in addition to or in place
of the basic purposes indicated in the key usage extension.
346
Netscape Certificate Management System Plug-ins Guide • October 2001
DistributionPointName
. The expected values for the URI are those
cRLIssuer
extension. If the
subjectAltName
omits
cRLIssuer
of type URI, the URI is
distributionPoint
, the CRL must be issued by the CA that
4.2.1.13
omits
Advertisement
Table of Contents
