This class defines the Extended Key Usage Extension, which
indicates one or more purposes for which the certified public key
may be used, in addition to or in place of the basic purposes
indicated in the key usage extension field. This field is defined
as follows:

    id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}

    ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId

    KeyPurposeId ::= OBJECT IDENTIFIER

Key purposes may be defined by any organization with a need. Object
identifiers used to identify key purposes shall be assigned in
accordance with IANA or ITU-T Rec. X.660 | ISO/IEC/ITU 9834-1.

This extension may, at the option of the certificate issuer, be
either critical or non-critical.

If the extension is flagged critical, then the certificate MUST be
used only for one of the purposes indicated.

If the extension is flagged non-critical, then it indicates the
intended purpose or purposes of the key, and may be used in finding
the correct key/certificate of an entity that has multiple
keys/certificates. It is an advisory field and does not imply that
usage of the key is restricted by the certification authority to
the purpose indicated. Certificate using applications may
nevertheless require that a particular purpose be indicated in
order for the certificate to be acceptable to that application.

If a certificate contains both a critical key usage field and a
critical extended key usage field, then both fields MUST be
processed independently and the certificate MUST only be used for a
purpose consistent with both fields. If there is no purpose
consistent with both fields, then the certificate MUST NOT be used
for any purpose.
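
The rules above, applied as a relying-party check. This is an added example, not code from the class documented here. It assumes the fields are read through the standard java.security.cert.X509Certificate accessors; the class name EkuCheck, the method permits, the strict flag and the sample values in main are hypothetical.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;

public class EkuCheck {
    static final String KU_OID = "2.5.29.15";               // id-ce-keyUsage
    static final String EKU_OID = "2.5.29.37";              // id-ce-extKeyUsage ({id-ce 37})
    static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1";  // id-kp-serverAuth
    static final String CODE_SIGNING = "1.3.6.1.5.5.7.3.3"; // id-kp-codeSigning

    // ku/eku are null when the extension is absent. kuBits are the key usage bit
    // indexes the caller accepts for this purpose. strict = treat advisory fields as binding.
    static boolean permits(Set<String> critical, boolean[] ku, List<String> eku,
                           boolean strict, String purpose, int... kuBits) {
        boolean ekuBinding = eku != null && (strict || critical.contains(EKU_OID));
        boolean kuBinding = ku != null && (strict || critical.contains(KU_OID));
        boolean ekuOk = !ekuBinding || eku.contains(purpose);
        boolean kuOk = !kuBinding;
        for (int bit : kuBits) {
            if (kuBinding && bit < ku.length && ku[bit]) kuOk = true;
        }
        return ekuOk && kuOk; // each field is evaluated on its own; both must agree
    }

    // Same check, reading the three inputs from a parsed certificate.
    static boolean permits(X509Certificate cert, boolean strict, String purpose, int... kuBits)
            throws CertificateParsingException {
        Set<String> critical = cert.getCriticalExtensionOIDs();
        if (critical == null) critical = Set.of(); // certificate has no extensions
        return permits(critical, cert.getKeyUsage(), cert.getExtendedKeyUsage(),
                       strict, purpose, kuBits);
    }

    public static void main(String[] args) {
        // Constructed sample: key usage = digitalSignature (bit 0) only, EKU = serverAuth.
        boolean[] ku = {true, false, false, false, false, false, false, false, false};
        List<String> eku = List.of(SERVER_AUTH);
        Set<String> both = Set.of(KU_OID, EKU_OID);
        System.out.println(permits(both, ku, eku, false, SERVER_AUTH, 0, 2));   // listed purpose, usable KU bit
        System.out.println(permits(both, ku, eku, false, CODE_SIGNING, 0));     // purpose missing from critical EKU
        System.out.println(permits(both, ku, eku, false, SERVER_AUTH, 2));      // keyEncipherment (bit 2) not asserted
        System.out.println(permits(Set.of(), ku, eku, false, CODE_SIGNING, 0)); // both fields non-critical, advisory
        System.out.println(permits(Set.of(), ku, eku, true, CODE_SIGNING, 0));  // application insists on the purpose
    }
}
```
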
version: 1.8, 10/10/06 since: 1.4