A new Request for Comments is now available in online RFC libraries.

        RFC 10007

        Title:      Clarification to Processing Key Usage Values 
                    During Certificate Revocation List (CRL) Validation
        Author:     C. Bonnell,
                    T. Ito,
                    T. Okubo
        Status:     Proposed Standard
        Stream:     IETF
        Date:       June 2026
        Mailbox:    [email protected],
                    [email protected],
                    [email protected]
        Pages:      6
        Updates:    RFC 5280


        I-D Tag:    draft-ietf-lamps-keyusage-crl-validation-04

        URL:        https://www.rfc-editor.org/info/rfc10007

        DOI:        10.17487/RFC10007

RFC 5280 defines the profile of X.509 certificates and Certificate
Revocation Lists (CRLs) for use in the Internet.  Section 4.2.1.3 of
RFC 5280 requires CRL issuer certificates to contain the keyUsage
extension with the cRLSign bit asserted.  However, the CRL validation
algorithm specified in Section 6.3 of RFC 5280 does not explicitly
include a corresponding check for the presence of the keyUsage
certificate extension.  This document updates RFC 5280 to require
that check.

This document is a product of the Limited Additional Mechanisms for 
PKIX and SMIME Working Group of the IETF.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and
suggestions for improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search/
For downloading RFCs, see https://www.rfc-editor.org/series/rfc-download/

Requests for special distribution should be addressed to either the
author of the RFC in question, or to [email protected].  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team

_______________________________________________
IETF-Announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to