[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSec cert OID usage status ?



What do people think a PKI vendor should support as the Extended Key
Usage OIDs for certificates issued for use with IPSec ?  

>From prior bakeoffs, I recall that everyone agreed there would be only 1
IPSec usage OID, the intermediate one as below, not the 3 that PKIX had
previously defined.  Rodney's old ipsec certificate profile draft
suggested that the PKIX OIDs be deprecated.  But that draft is expired.
Consensus from the last bakeoff was also that people didn't want to
agree on a particular set of requirements for cert usage in IPSec.

IPSEC_KP_IKE_INTERMEDIATE "1.3.6.1.5.5.8.2.2"
 
OID_PKIX_KP_IPSEC_END_SYSTEM  "1.3.6.1.5.5.7.3.5"
 
OID_PKIX_KP_IPSEC_TUNNEL      "1.3.6.1.5.5.7.3.6"
 
OID_PKIX_KP_IPSEC_USER        "1.3.6.1.5.5.7.3.7"

Wm
Program Manager, Network Security, IPSec
Windows Division
Microsoft



Follow-Ups: