
Key usage purposes (as per X.509 v3 key usage field)

The DutchGrid medium-security Certification Authority root certificate defined the keyUsage extensions "digitalSignature", "certificateSign", and "cRLSign" in the X.509v3 certificate extensions. The X.509 basic constraints extension is set to "CA:true". The Netscape certificate type is set to "SSL CA", "S/MIME CA", and "Object signing CA".

The certificates issued by the DutchGrid medium-security Certification Authority under this policy will have the basic constraints set to "CA:false", and the keyUsage bits set to "digitalSignature, nonRepudiation, dataEncipherment, keyEncipherment". Other X.509v3 extensions may be added. By default, certificates issued to hosts and servers will have a subjectAltName dNSName extension. The Netscape cert type may be set to "server, client, email".

The keyUsage field will be marked as critical.
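
A relying party or auditor can check an issued certificate against this profile by decoding the keyUsage extension value, a DER BIT STRING whose bit 0 is the most significant bit of the first content octet. The following is an added example, not part of the CA's own tooling; the function names and sample bytes are constructed, and treating the listed bits as the exact required set is an assumption.

```python
# Added example: check a keyUsage extension value against the end-entity profile.
# KeyUsage named bits in RFC 5280 order (bit 0 = MSB of first content octet).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# End-entity bits as listed in this section.
# Assumption: the list is the exact required set, no more and no fewer.
EE_KEY_USAGE = {"digitalSignature", "nonRepudiation",
                "dataEncipherment", "keyEncipherment"}


def decode_key_usage(der: bytes) -> set:
    """Decode a keyUsage extnValue (DER BIT STRING) into a set of bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a non-empty BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, body = der[2], der[3:]
    if unused > 7 or body[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bit count or non-zero padding")
    names = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("unknown keyUsage bit %d" % i)
            names.add(KEY_USAGE_BITS[i])
    return names


def check_end_entity(key_usage_der: bytes, critical: bool, is_ca: bool) -> list:
    """Return the deviations from the end-entity profile (empty list = conforms)."""
    problems = []
    bits = decode_key_usage(key_usage_der)
    if bits != EE_KEY_USAGE:
        problems.append("keyUsage mismatch: extra=%s missing=%s" % (
            sorted(bits - EE_KEY_USAGE), sorted(EE_KEY_USAGE - bits)))
    if not critical:
        problems.append("keyUsage not marked critical")
    if is_ca:
        problems.append("basicConstraints CA must be false")
    return problems
```

The constructed value 03 02 04 F0 encodes the four end-entity bits; 03 02 01 86 encodes digitalSignature, keyCertSign and cRLSign, where keyCertSign is the RFC 5280 name for the bit this section calls "certificateSign".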



David Groep 2005-01-07