Netscape MANAGEMENT SYSTEM 6.0 - PLUG-IN Manual page 169

Table 4-9 PKIX usage definitions for the extended key usage extension
Usage
Server authentication
Client authentication
Code signing
Email
IPSec end system
IPSec tunnel
IPSec user
Timestamping
Note that Windows 2000
known as encrypted file system (EFS), using certificates that contain the Extended
Key Usage extension with the following two OIDs:
1.3.6.1.4.1.311.10.3.4
1.3.6.1.4.1.311.10.3.4.1
The EFS recovery certificate is used by a recovery agent when a user loses the
private key and the data encrypted with that key needs to be used. Certificate
Management System supports the above two OIDs and allows you to issue
certificates containing extended key usage extension with these OIDs.
Normal user certificates should be created with only the EFS OID, not the recovery
OID.
For general guidelines on setting the extended key usage extension in certificates,
see "extKeyUsage" on page 344.
The extended key usage extension policy in Certificate Management System allows
setting of the key usage extension as defined in its X.509 definition. The policy
enables you to specify OIDs, that identify key usages, in the extension.
During installation, Certificate Management System automatically creates two
instances of the extended key usage extension policy. See "CODESigningExt Rule"
on page 172 "OCSPSigningExt Rule" on page 173.
and
OID
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
1.3.6.1.5.5.7.3.5
1.3.6.1.5.5.7.3.6
1.3.6.1.5.5.7.3.7
1.3.6.1.5.5.7.3.8
TM
allows you to encrypt files on the hard disk, a feature
(this OID is for the EFS certificate)
(this OID is for the EFS recovery certificate)
Chapter 4
ExtendedKeyUsageExt Plug-in Module
Certificate Extension Plug-in Modules 169