X.509 Certificate General-Purpose Extended Key Usage for Document Signing
RFC 9336, “X.509 Certificate General-Purpose Extended Key Usage for Document Signing”, is a Proposed Standard document published in December 2022 by T. Ito, T. Okubo, S. Turner. The canonical text is published by the RFC Editor.
Abstract
RFC 5280 specifies several extended key purpose identifiers (KeyPurposeIds) for X.509 certificates. This document defines a general-purpose Document-Signing KeyPurposeId for inclusion in the Extended Key Usage (EKU) extension of X.509 public key certificates. Document-Signing applications may require that the EKU extension be present and that a Document-Signing KeyPurposeId be indicated in order for the certificate to be acceptable to that Document-Signing application.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9336 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9337 Generating Password-Based Keys Using the GOST Algorithms
- RFC 9338 CBOR Object Signing and Encryption : Countersignatures
- RFC 9339 OSPF Reverse Metric
- RFC 9341 Alternate-Marking Method
- RFC 9342 Clustered Alternate-Marking Method
- RFC 9329 TCP Encapsulation of Internet Key Exchange Protocol and IPsec Packets
- RFC 9343 IPv6 Application of the Alternate-Marking Method
- RFC 9328 RTP Payload Format for Versatile Video Coding