Diff: rfc9734v1.txt - rfc9734.txt

	rfc9734v1.txt	rfc9734.txt

	skipping to change at line 12 ¶	skipping to change at line 12 ¶
	Internet Engineering Task Force (IETF) R. Mahy	Internet Engineering Task Force (IETF) R. Mahy
	Request for Comments: 9734 Rohan Mahy Consulting Services	Request for Comments: 9734 Rohan Mahy Consulting Services
	Category: Standards Track February 2025	Category: Standards Track February 2025
	ISSN: 2070-1721	ISSN: 2070-1721

	X.509 Certificate Extended Key Usage (EKU) for Instant Messaging URIs	X.509 Certificate Extended Key Usage (EKU) for Instant Messaging URIs

	Abstract	Abstract

	RFC 5280 specifies several extended key purpose identifiers	RFC 5280 specifies several extended key purpose identifiers

	(KeyPurposeIds) for X.509 certificates. This document defines	(KeyPurposeIds) for X.509 certificates. This document defines an
	Instant Messaging (IM) identity KeyPurposeId for inclusion in the	Instant Messaging (IM) identity KeyPurposeId for inclusion in the
	Extended Key Usage (EKU) extension of X.509 v3 public key	Extended Key Usage (EKU) extension of X.509 v3 public key
	certificates	certificates

	Status of This Memo	Status of This Memo

	This is an Internet Standards Track document.	This is an Internet Standards Track document.

	This document is a product of the Internet Engineering Task Force	This document is a product of the Internet Engineering Task Force
	(IETF). It represents the consensus of the IETF community. It has	(IETF). It represents the consensus of the IETF community. It has

	skipping to change at line 101 ¶	skipping to change at line 101 ¶

	id-kp OBJECT IDENTIFIER ::= {	id-kp OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) dod(6) internet(1)	iso(1) identified-organization(3) dod(6) internet(1)
	security(5) mechanisms(5) pkix(7) kp(3) }	security(5) mechanisms(5) pkix(7) kp(3) }

	id-kp-imUri OBJECT IDENTIFIER ::= { id-kp 40 }	id-kp-imUri OBJECT IDENTIFIER ::= { id-kp 40 }

	4. Security Considerations	4. Security Considerations

	The security considerations of [RFC5280] are applicable to this	The security considerations of [RFC5280] are applicable to this

	document. This extended key purpose does not introduce new security	document. The id-kp-imUri extended key purpose does not introduce
	risks but instead reduces existing security risks by providing means	new security risks but instead reduces existing security risks by
	to identify if the certificate is generated to sign IM identity	providing means to identify if the certificate is generated to sign
	credentials. Issuers SHOULD NOT set the id-kp-imUri extended key	IM identity credentials. Issuers SHOULD NOT set the id-kp-imUri
	purpose and an id-kp-clientAuth or id-kp-serverAuth extended key	extended key purpose and an id-kp-clientAuth or id-kp-serverAuth
	purpose: that would defeat the improved specificity offered by having	extended key purpose: that would defeat the improved specificity
	an id-kp-imUri extended key purpose.	offered by having an id-kp-imUri extended key purpose.

	5. IANA Considerations	5. IANA Considerations

	IANA has registered the following OID in the "SMI Security for PKIX	IANA has registered the following OID in the "SMI Security for PKIX
	Extended Key Purpose" registry (1.3.6.1.5.5.7.3). This OID is	Extended Key Purpose" registry (1.3.6.1.5.5.7.3). This OID is

	defined in Section 4.	defined in Section 3.

	+=========+=============+============+	+=========+=============+============+
	\| Decimal \| Description \| References \|	\| Decimal \| Description \| References \|
	+=========+=============+============+	+=========+=============+============+
	\| 40 \| id-kp-imUri \| RFC 9734 \|	\| 40 \| id-kp-imUri \| RFC 9734 \|
	+---------+-------------+------------+	+---------+-------------+------------+

	Table 1	Table 1

	IANA has also registered the following ASN.1 [ITU.X690.2021] module	IANA has also registered the following ASN.1 [ITU.X690.2021] module

	skipping to change at line 172 ¶	skipping to change at line 172 ¶

	[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC	[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
	2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,	2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
	May 2017, <https://www.rfc-editor.org/info/rfc8174>.	May 2017, <https://www.rfc-editor.org/info/rfc8174>.

	6.2. Informative References	6.2. Informative References

	[E2E-IDENTITY]	[E2E-IDENTITY]
	Barnes, R. and R. Mahy, "Identity for E2E-Secure	Barnes, R. and R. Mahy, "Identity for E2E-Secure
	Communications", Work in Progress, Internet-Draft, draft-	Communications", Work in Progress, Internet-Draft, draft-

	barnes-mimi-identity-arch-01, 23 October 2023,	barnes-mimi-identity-arch-02, 4 February 2025,
	<https://datatracker.ietf.org/doc/html/draft-barnes-mimi-	<https://datatracker.ietf.org/doc/html/draft-barnes-mimi-

	identity-arch-01>.	identity-arch-02>.

	[RFC3860] Peterson, J., "Common Profile for Instant Messaging	[RFC3860] Peterson, J., "Common Profile for Instant Messaging
	(CPIM)", RFC 3860, DOI 10.17487/RFC3860, August 2004,	(CPIM)", RFC 3860, DOI 10.17487/RFC3860, August 2004,
	<https://www.rfc-editor.org/info/rfc3860>.	<https://www.rfc-editor.org/info/rfc3860>.

	[RFC6121] Saint-Andre, P., "Extensible Messaging and Presence	[RFC6121] Saint-Andre, P., "Extensible Messaging and Presence
	Protocol (XMPP): Instant Messaging and Presence",	Protocol (XMPP): Instant Messaging and Presence",
	RFC 6121, DOI 10.17487/RFC6121, March 2011,	RFC 6121, DOI 10.17487/RFC6121, March 2011,
	<https://www.rfc-editor.org/info/rfc6121>.	<https://www.rfc-editor.org/info/rfc6121>.


End of changes. 5 change blocks.
	11 lines changed or deleted	11 lines changed or added
This html diff was produced by rfcdiff 1.48.