Clarifications for Elliptic Curve Cryptography Subject Public Key Information
SECOM CO., LTD.
tadahiko.ito.public@gmail.com
sn3rd
sean@sn3rd.com
LAMPS
PKIX
X.509
This document updates RFC 5480 to specify semantics for the
keyEncipherment and dataEncipherment key usage bits when used in
certificates that support Elliptic Curve Cryptography.
Introduction
specifies the syntax and semantics for the Subject Public
Key Information field in certificates that support Elliptic Curve
Cryptography. As part of these semantics, it defines what
combinations are permissible for the values of the key usage
extension . specifies 7 of the 9 values; it
makes no mention of the keyEncipherment and dataEncipherment key usage
bits. This document corrects this omission by updating
to make it clear that neither keyEncipherment nor the
dataEncipherment key usage bits are set for key agreement algorithms
defined therein. The additions are to be made to the end of
.
Terminology
The key words "MUST", "MUST NOT",
"REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are
to be interpreted as described in BCP 14
when, and only when, they appear in all capitals,
as shown here.
Updates to Section 3
If the keyUsage extension is present in a certificate that indicates
id-ecPublicKey in SubjectPublicKeyInfo, then the following values MUST
NOT be present:
- keyEncipherment; and
- dataEncipherment.
If the keyUsage extension is present in a certificate that indicates
id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following
values also MUST NOT be present:
- keyEncipherment; and
- dataEncipherment.
Security Considerations
This document introduces no new security considerations beyond those
found in .
IANA Considerations
This document has no IANA actions.
Normative References