rfc9734v1.txt   rfc9734.txt 
skipping to change at line 12 skipping to change at line 12
Internet Engineering Task Force (IETF) R. Mahy Internet Engineering Task Force (IETF) R. Mahy
Request for Comments: 9734 Rohan Mahy Consulting Services Request for Comments: 9734 Rohan Mahy Consulting Services
Category: Standards Track February 2025 Category: Standards Track February 2025
ISSN: 2070-1721 ISSN: 2070-1721
X.509 Certificate Extended Key Usage (EKU) for Instant Messaging URIs X.509 Certificate Extended Key Usage (EKU) for Instant Messaging URIs
Abstract Abstract
RFC 5280 specifies several extended key purpose identifiers RFC 5280 specifies several extended key purpose identifiers
(KeyPurposeIds) for X.509 certificates. This document defines (KeyPurposeIds) for X.509 certificates. This document defines an
Instant Messaging (IM) identity KeyPurposeId for inclusion in the Instant Messaging (IM) identity KeyPurposeId for inclusion in the
Extended Key Usage (EKU) extension of X.509 v3 public key Extended Key Usage (EKU) extension of X.509 v3 public key
certificates certificates
Status of This Memo Status of This Memo
This is an Internet Standards Track document. This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has (IETF). It represents the consensus of the IETF community. It has
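Review bot: The abstract's last sentence still ends without a period on the "certificates" line in both versions. Since this revision already touches the abstract to add "an" before "Instant Messaging (IM) identity KeyPurposeId", add the terminating period in the same pass.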
skipping to change at line 101 skipping to change at line 101
id-kp OBJECT IDENTIFIER ::= { id-kp OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) kp(3) } security(5) mechanisms(5) pkix(7) kp(3) }
id-kp-imUri OBJECT IDENTIFIER ::= { id-kp 40 } id-kp-imUri OBJECT IDENTIFIER ::= { id-kp 40 }
4. Security Considerations 4. Security Considerations
The security considerations of [RFC5280] are applicable to this The security considerations of [RFC5280] are applicable to this
document. This extended key purpose does not introduce new security document. The id-kp-imUri extended key purpose does not introduce
risks but instead reduces existing security risks by providing means new security risks but instead reduces existing security risks by
to identify if the certificate is generated to sign IM identity providing means to identify if the certificate is generated to sign
credentials. Issuers SHOULD NOT set the id-kp-imUri extended key IM identity credentials. Issuers SHOULD NOT set the id-kp-imUri
purpose and an id-kp-clientAuth or id-kp-serverAuth extended key extended key purpose and an id-kp-clientAuth or id-kp-serverAuth
purpose: that would defeat the improved specificity offered by having extended key purpose: that would defeat the improved specificity
an id-kp-imUri extended key purpose. offered by having an id-kp-imUri extended key purpose.
5. IANA Considerations 5. IANA Considerations
IANA has registered the following OID in the "SMI Security for PKIX IANA has registered the following OID in the "SMI Security for PKIX
Extended Key Purpose" registry (1.3.6.1.5.5.7.3). This OID is Extended Key Purpose" registry (1.3.6.1.5.5.7.3). This OID is
defined in Section 4. defined in Section 3.
+=========+=============+============+ +=========+=============+============+
| Decimal | Description | References | | Decimal | Description | References |
+=========+=============+============+ +=========+=============+============+
| 40 | id-kp-imUri | RFC 9734 | | 40 | id-kp-imUri | RFC 9734 |
+---------+-------------+------------+ +---------+-------------+------------+
Table 1 Table 1
IANA has also registered the following ASN.1 [ITU.X690.2021] module IANA has also registered the following ASN.1 [ITU.X690.2021] module
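Review bot: The SHOULD NOT sentence in Section 4 is still ambiguous after the rewording: "set the id-kp-imUri extended key purpose and an id-kp-clientAuth or id-kp-serverAuth extended key purpose" can be read as prohibiting each purpose on its own rather than their combination. The rationale that follows ("would defeat the improved specificity") shows the combination is meant, so suggest wording such as "SHOULD NOT set the id-kp-imUri extended key purpose together with an id-kp-clientAuth or id-kp-serverAuth extended key purpose in the same certificate". In the same paragraph, "providing means to identify if" would read better as "providing a means to identify whether". The Section 5 cross-reference change from "Section 4" to "Section 3" is consistent with the visible layout, where the id-kp-imUri definition appears before the "4. Security Considerations" heading.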
 End of changes. 3 change blocks. 
9 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.48.