Cover page

X.509 Certification Practice Statement
for Virginia Tech
User Certification Authority
May 30, 2007
Amended August 5, 2009
OBJECT IDENTIFIER 1.3.6.1.4.1.6760.5.2.3.3.1

X.509 Certification Practice Statement
for Virginia Tech
User Certification Authority
May 30, 2007
Amended August 10, 2009
OBJECT IDENTIFIER 1.3.6.1.4.1.6760.5.2.3.3.1

Record of Changes

 

Add changes for this update here

7.1.2 Certificate Extensions

Standard extensions, when populated, are described in an appropriate Certificate Profile.
PKCs issued from the UCA have the following values in their Key Usage field:
• Digital signature
• Non-repudiation
Key encipherment
PKCs issued from the UCA have the following values in their Enhanced Key Usage field:
• Web Client Authentication
• Email Protection
• MS Smartcard Login

7.1.2 Certificate Extensions
Standard extensions, when populated, are described in an appropriate Certificate Profile.
PKCs issued from the UCA have the following values in their Key Usage field:
• Digital signature
• Non-repudiation
PKCs issued from the UCA have the following values in their Extended Key Usage field:
• Web Client Authentication
• Email Protection
• MS Smartcard Login



  • No labels

3 Comments

  1. Frank Galligan

    Aug 13, 2009

    The key encipherment attribute is not included in VT PDCs that are currently issued. Key encipherment indicates that the public key component of the certificate can be used by applications needing to implement secure key transport. It allows use of the certificate for encryption  and has been excluded from the PDC certificate profile.

  2. Frank Galligan

    Aug 13, 2009

    The reference to "Enhanced Key Usage" should be changed to "Extended Key Usage" which is the correct way to reference this certificate extension.

  3. Frank Galligan

    Aug 13, 2009

    I would recommend that the listings of extensions that are included in certificates be replaced by references to the external certificate profile documents which provide this same information.  I see no reason to provide this type of information redundantly in the policy and in addition the certificate profile documents.