Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 454

Defaults Reference
For general information about this extension, see "extKeyUsage" on page 727.
The extension identifies one or more purposes—in addition to or in place of the
basic purposes indicated in the key usage extension—for which the certified public
key may be used. For example, if the key usage extension identifies a key to be
used for signing, the extended key usage extension can further narrow down the
usage of the key for signing OCSP responses only or for signing Java applets only.
Table 10-4 PKIX usage definitions for the extended key usage extension
Usage
Server authentication
Client authentication
Code signing
Email
IPSec end system
IPSec tunnel
IPSec user
Timestamping
Note that Windows 2000
known as encrypted file system (EFS), using certificates that contain the Extended
Key Usage extension with the following two OIDs:
1.3.6.1.4.1.311.10.3.4
1.3.6.1.4.1.311.10.3.4.1
The EFS recovery certificate is used by a recovery agent when a user loses the
private key and the data encrypted with that key needs to be used. CMS supports
the above two OIDs and allows you to issue certificates containing extended key
usage extension with these OIDs.
Normal user certificates should be created with only the EFS OID, not the recovery
OID.
You can define the following constraints with this default:
• Extended Key Usage Constraint, see "Extended Key Usage Extension
Constraint," on page 474
454 Netscape Certificate Management System Administrator's Guide • February 2003
OID
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
1.3.6.1.5.5.7.3.5
1.3.6.1.5.5.7.3.6
1.3.6.1.5.5.7.3.7
1.3.6.1.5.5.7.3.8
TM
allows you to encrypt files on the hard disk, a feature
(this OID is for the EFS certificate)
(this OID is for the EFS recovery certificate)