[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Latest ipsec-pki-req-04.txt - EKU

To: Rodney Thayer <rodney@xxxxxxxxxxxx>
Subject: RE: Latest ipsec-pki-req-04.txt - EKU
From: Stephen Kent <kent@xxxxxxx>
Date: Mon, 20 Dec 1999 14:33:11 -0500
Cc: ipsec@xxxxxxxxxxxxxxxxx
In-reply-to: <>
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

Rodney,

I believe (some PKIX lawyer check me on this...) that 2459 allows
any number of EKU's (wanna parse a cert with 572 EKU's, anyone?
Can you say "architecturally irresponsible"?)

Yes, you can insert multiple EKU. No, there is no limit, just as there is no limit on the number of attributes in a DN, or the number of extensions in a cert. If we tried to nail down the numbers for each of these parameters, we would still be arguing over them today :-).

Steve

Follow-Ups:
- tell me something about the frees/wan
  - From: ouyangyi

References:
- RE: Latest ipsec-pki-req-04.txt - EKU
  - From: Rodney Thayer

Prev by Date: Re: Latest ipsec-pki-req-04.txt - EKU
Next by Date: Re: signture mode and non-repudiation
Previous by thread: Re: Latest ipsec-pki-req-04.txt - EKU
Next by thread: tell me something about the frees/wan
Index(es):
- Date
- Thread