Dear list,

RFC7925 mentions in 4.4.4, that

> All certificate elements listed in Table 1 MUST be implemented by
> clients and servers claiming support for certificate-based
> authentication.

and then in that table:

> Extension: Key Usage
> The KeyUsage field MAY have the following values
> in the context of this profile:
> - digitalSignature or keyAgreement,
> - keyCertSign for verifying signatures on public key certificates.

> Extension: Extended Key Usage
> The ExtKeyUsageSyntax field MAY have the following
> values in context of this profile:
> - id-kp-serverAuth for server authentication,
> - id-kp-clientAuth for client authentication,
> - id-kp-codeSigning for code signing (for software update mechanism),
> - and id-kp-OCSPSigning for future OCSP usage in TLS.

That results in different interpretations discussed in the Eclipse Open Source project Leshan (LwM2M), see https://github.com/eclipse/leshan/pull/869.

FMPOV, it means the extension MAY be used, and an implementation MUST support it, if used. Others seem to read it as, "the extension MUST be used".

I would appreciate, if someone could help to clarify the intention of this.

best regards
Achim Kraus

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
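
The two readings described in the message above, as an added example that is not part of the original post and is not Leshan's code: a client-certificate check where `requirePresent=false` enforces an extension only when the certificate carries it, and `requirePresent=true` also rejects a certificate that omits it. The names `makeCert` and `clientUsageOK` are hypothetical and the certificates are constructed for the demo; the example shows where the readings diverge, not which one RFC 7925 intends.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert builds a constructed self-signed cert; ku == 0 or eku == nil omits that extension.
func makeCert(ku x509.KeyUsage, eku []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku, ExtKeyUsage: eku}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// clientUsageOK checks a certificate offered for client authentication. A present extension
// is always enforced; requirePresent=true also rejects a cert that omits either extension.
func clientUsageOK(c *x509.Certificate, requirePresent bool) bool {
	kuOK, ekuOK := !requirePresent, !requirePresent
	if c.KeyUsage != 0 { // Go parses an absent Key Usage extension as 0
		kuOK = c.KeyUsage&(x509.KeyUsageDigitalSignature|x509.KeyUsageKeyAgreement) != 0
	}
	if len(c.ExtKeyUsage)+len(c.UnknownExtKeyUsage) > 0 { // both empty when EKU is absent
		ekuOK = false
		for _, u := range c.ExtKeyUsage {
			ekuOK = ekuOK || u == x509.ExtKeyUsageClientAuth
		}
	}
	return kuOK && ekuOK
}

func main() {
	if bare, err := makeCert(0, nil); err == nil {
		fmt.Println("no extensions:", clientUsageOK(bare, false), clientUsageOK(bare, true))
	}
}
```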