draft-ietf-sip-eku-07.txt   draft-ietf-sip-eku-08.txt 
SIP WG S. Lawrence SIP WG S. Lawrence
Internet-Draft Nortel Networks, Inc. Internet-Draft Nortel Networks, Inc.
Intended status: Experimental V. Gurbani Intended status: Experimental V. Gurbani
Expires: April 23, 2010 Bell Laboratories, Alcatel-Lucent Expires: April 23, 2010 Bell Laboratories, Alcatel-Lucent
October 20, 2009 October 20, 2009
Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP)
X.509 Certificates X.509 Certificates
draft-ietf-sip-eku-07 draft-ietf-sip-eku-08
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
skipping to change at page 5, line 49 skipping to change at page 5, line 49
whether the usage of a certificate is restricted to serve as a SIP whether the usage of a certificate is restricted to serve as a SIP
certificate only, implementations MUST perform the step given below certificate only, implementations MUST perform the step given below
as a part of the certificate validation: as a part of the certificate validation:
The implementation MUST examine the Extended Key Usage value(s), if The implementation MUST examine the Extended Key Usage value(s), if
any: any:
o If the certificate does not contain any EKU values (the Extended o If the certificate does not contain any EKU values (the Extended
Key Usage extension does not exist), it is a matter of local Key Usage extension does not exist), it is a matter of local
policy whether or not to accept the certificate for use as a SIP policy whether or not to accept the certificate for use as a SIP
certificate. certificate. Note that since certificates not following this
specification will not have the id-kp-sipDomain EKU value, and
many do not have any EKU values, the more interoperable local
policy would be to accept the certificate.
o If the certificate contains the id-kp-sipDomain EKU extension, o If the certificate contains the id-kp-sipDomain EKU extension,
then implementations of this specification MUST consider the then implementations of this specification MUST consider the
certificate acceptable for use as a SIP certificate. certificate acceptable for use as a SIP certificate.
o If the certificate does not contain the id-kp-sipDomain EKU value, o If the certificate does not contain the id-kp-sipDomain EKU value,
but does contain the id-kp-anyExtendedKeyUsage EKU value, it is a but does contain the id-kp-anyExtendedKeyUsage EKU value, it is a
matter of local policy whether or not to consider the certificate matter of local policy whether or not to consider the certificate
acceptable for use as a SIP certificate. acceptable for use as a SIP certificate.
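Review bot: The sentence added to the first bullet in -08 ("the more interoperable local policy would be to accept the certificate") recommends acceptance without stating the trade-off. A verifier that accepts certificates with no EKU extension treats them as usable for SIP, so the restriction this step checks for only takes effect for certificates that carry some EKU value. Suggest stating that consequence next to the note, and making clear whether the recommendation is informative or intended as a SHOULD, since it sits inside a MUST-level validation step. The bullets visible here also leave open the case where the extension is present but holds neither id-kp-sipDomain nor id-kp-anyExtendedKeyUsage; if the text after this hunk covers it, a pointer from this list would help.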
 End of changes. 2 change blocks. 
2 lines changed or deleted 5 lines changed or added

This html diff was produced by rfcdiff 1.37a. The latest version is available from http://tools.ietf.org/tools/rfcdiff/