In message <[EMAIL PROTECTED]> on Mon, 22 Apr 2002 15:37:56 +0200,
Averroes <[EMAIL PROTECTED]> said:
averroes> Does anyone know what value should be use
averroes> in an ExtendedKeyUsage extension for OCSP Responder Certificate.
averroes>
averroes> I use only those:
averroes>
averroes> extendedKeyUsage = serverAuth
averroes>
averroes> but the rfc2560, Chap. 4.2.2.2 Authorized Responders says:
averroes>
averroes> "OCSP signing delagation SHALL be designated by the
averroes> inclusion of id-pk-OCSPSigning in an extendedKeyUsage
averroes> certificate extension included in the OCSP response signer's
averroes> certificate."
averroes>
averroes> id-pk-OCSPSigning OBJECT IDENTIFIER ::= {id-pk 9}
averroes>
averroes> So...?
So, what about using this extension for your validator certificates?
extendedKeyUsage = OCSPSigning
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
