Skip to content

Commit

Permalink
Update draft-ietf-uta-tls13-iot-profile.md
Browse files Browse the repository at this point in the history 
Co-authored-by: Thomas Fossati <[email protected]>
  • Loading branch information
@hannestschofenig @thomas-fossati
hannestschofenig and thomas-fossati authored Dec 16, 2024
1 parent d0ff544 commit c488a42
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions draft-ietf-uta-tls13-iot-profile.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -675,8 +675,8 @@ keyEncipherment or keyAgreement MUST be set because the encrypted delivery
of the newly generated key involves encryption or agreement of a symmetric
key. On-device key generation is, however, the preferred approach.

On IDevID certificates, the extendedKeyUsage SHOULD NOT be present, as it reduces the utility of the IDevID.
On locally assigned LDevID certificates, the extendedKeyUsage, if present MUST contain at least one of id-kp-serverAuth or id-kp-clientAuth in order to be useable with TLS.
In IDevID certificates, the extendedKeyUsage SHOULD NOT be present, as it reduces the utility of the IDevID.
In locally assigned LDevID certificates, the extendedKeyUsage, if present, MUST contain at least one of id-kp-serverAuth or id-kp-clientAuth in order to be useable with TLS.


# Certificate Overhead
Expand Down

0 comments on commit c488a42

Please sign in to comment.