[Cryptography] ALPACA

[Peter Gutmann]

Viktor Dukhovni <cryptography at dukhovni.org> writes:

>The above is misleading.  The "email" usages are for S/MIME, not TLS. The
>"web server usage" is really TLS server usage, and so SMTP servers that do
>STARTTLS are in the same bucket as HTTPS servers.

Sure, what I meant in this case was that since there are already eKUs for
email (as in S/MIME), define a new eKU for email with TLS (STARTTLS/SMTP) or
whatever.  That's what eKU is there for.

>OpenSSL does not ignore extended key usage,

What does it do with eKUs?  Will it reject a cert used for TLS with e.g. an
IPSEC eKU?  Just curious, because the last time I looked it ignored them.

Even for clients that don't ignore it, the other side of the coin is that many
certs have nonsensical eKUs (look at the number of web *server* certs that
assert the *client*Auth eKU), so you need to sort out both ends of the mess
for things to work.

Peter.