
Re: [Openvpn-users] nsCertType - non standard that noone else uses?


  • Subject: Re: [Openvpn-users] nsCertType - non standard that noone else uses?
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Tue, 8 Nov 2005 13:54:56 -0700 (MST)

On Tue, 8 Nov 2005, Jon Bendtsen wrote:

> Hi
> 
> According to those that make my certificate management system, EJBCA,
> no one uses nsCertType any more. It has been replaced by a
> standard, RFC3280,
>     http://www.ietf.org/rfc/rfc3280.txt?number=3280
> 
> See section "extended key usage",
> 
> "  id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
>     -- TLS WWW server authentication
>     -- Key usage bits that may be consistent: digitalSignature,
>     -- keyEncipherment or keyAgreement
> 
>     id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
>     -- TLS WWW client authentication
>     -- Key usage bits that may be consistent: digitalSignature
>     -- and/or keyAgreement"
> 
> 
> Okay, so it is not written to be used for a VPN, but surely OpenVPN
> could interpret those fields as server and client as with the old
> nsCertType ?

I'd be happy to include a patch for this, if someone would care to write
it.

James
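
The role check asked for in the quoted message, as an added example that is not part of this thread or of OpenVPN's code: a hand-written DER walk over an extKeyUsage extension value (SEQUENCE OF OBJECT IDENTIFIER) that reports whether a given purpose from RFC 3280 is listed. The names `eku_has_purpose` and `der_header` and the sample bytes are assumptions made for illustration; a real implementation would normally use the TLS library's X.509 parser.

```c
#include <stddef.h>
#include <string.h>

/* DER content bytes of the OIDs quoted above: id-kp = 1.3.6.1.5.5.7.3,
   id-kp-serverAuth = { id-kp 1 }, id-kp-clientAuth = { id-kp 2 }. */
static const unsigned char KP_SERVER_AUTH[] = {0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01};
static const unsigned char KP_CLIENT_AUTH[] = {0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02};
/* Constructed sample: extKeyUsage value of a client-only certificate. */
static const unsigned char SAMPLE_CLIENT_EKU[] =
    {0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02};

/* Check the tag, read a definite length, advance *p to the content. 0 on success. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                 /* long form: low 7 bits count the length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - q) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;   /* content must fit in the buffer */
    *p = q; *len = n;
    return 0;
}

/* 1 if the purpose OID is listed, 0 if it is absent, -1 if the value is malformed. */
int eku_has_purpose(const unsigned char *ext, size_t ext_len,
                    const unsigned char *oid, size_t oid_len)
{
    const unsigned char *p = ext, *end = ext + ext_len;
    size_t len; int found = 0;
    if (der_header(&p, end, 0x30, &len) != 0 || p + len != end) return -1;
    while (p < end) {               /* each element must be an OBJECT IDENTIFIER */
        if (der_header(&p, end, 0x06, &len) != 0) return -1;
        if (len == oid_len && memcmp(p, oid, len) == 0) found = 1;
        p += len;
    }
    return found;
}

int main(void) {
    /* A client checking its server requires serverAuth; the sample lacks it (exit 0). */
    return eku_has_purpose(SAMPLE_CLIENT_EKU, sizeof SAMPLE_CLIENT_EKU,
                           KP_SERVER_AUTH, sizeof KP_SERVER_AUTH) == 0 ? 0 : 1;
}
```

A caller that treats a return of 0 or -1 as a verification failure gets the same behaviour as an nsCertType mismatch: a certificate issued only for the client role is not accepted as a server.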

