X.509 Certificate Extended Key Usage for Configuration, Updates, and Safety-Critical Communication
RFC 9809, “X.509 Certificate Extended Key Usage for Configuration, Updates, and Safety-Critical Communication”, is a Proposed Standard document published in July 2025 by H. Brockhaus, D. Goltzsche. The canonical text is published by the RFC Editor.
Abstract
RFC 5280 defines the Extended Key Usage (EKU) extension and specifies several extended key purpose identifiers (KeyPurposeIds) for use with that extension in X.509 certificates. This document defines KeyPurposeIds for general-purpose and trust anchor configuration files, for software and firmware update packages, and for safety-critical communication to be included in the EKU extension of X.509 v3 public key certificates.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9809 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9808 Content Delivery Network Interconnection Capacity Capability Advertisement Extensions
- RFC 9810 Internet X.509 Public Key Infrastructure -- Certificate Management Protocol
- RFC 9807 The OPAQUE Augmented Password-Authenticated Key Exchange Protocol
- RFC 9811 Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol
- RFC 9806 Updates to SIP-Based Media Recording to Correct Metadata Media Type
- RFC 9812 Clarification of IPv6 Address Allocation Policy
- RFC 9805 Deprecation of the IPv6 Router Alert Option for New Protocols
- RFC 9813 Operational Considerations for Using TLS Pre-Shared Keys with RADIUS