A new Request for Comments is now available in online RFC libraries.
RFC 10007
Title: Clarification to Processing Key Usage Values
During Certificate Revocation List (CRL) Validation
Author: C. Bonnell,
T. Ito,
T. Okubo
Status: Proposed Standard
Stream: IETF
Date: June 2026
Mailbox: [email protected],
[email protected],
[email protected]
Pages: 6
Updates: RFC 5280
I-D Tag: draft-ietf-lamps-keyusage-crl-validation-04
URL: https://www.rfc-editor.org/info/rfc10007
DOI: 10.17487/RFC10007
RFC 5280 defines the profile of X.509 certificates and Certificate
Revocation Lists (CRLs) for use in the Internet. Section 4.2.1.3 of
RFC 5280 requires CRL issuer certificates to contain the keyUsage
extension with the cRLSign bit asserted. However, the CRL validation
algorithm specified in Section 6.3 of RFC 5280 does not explicitly
include a corresponding check for the presence of the keyUsage
certificate extension. This document updates RFC 5280 to require
that check.
This document is a product of the Limited Additional Mechanisms for
PKIX and SMIME Working Group of the IETF.
STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and
suggestions for improvements. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search/
For downloading RFCs, see https://www.rfc-editor.org/series/rfc-download/
Requests for special distribution should be addressed to either the
author of the RFC in question, or to [email protected]. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
_______________________________________________
IETF-Announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]