Skip to main content

X.509 Certificate General-Purpose Extended Key Usage (EKU) for Document Signing

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,,,,,
Subject: Protocol Action: 'General Purpose Extended Key Usage (EKU) for Document Signing X.509 Certificates' to Proposed Standard (draft-ietf-lamps-documentsigning-eku-06.txt)

The IESG has approved the following document:
- 'General Purpose Extended Key Usage (EKU) for Document Signing X.509
  (draft-ietf-lamps-documentsigning-eku-06.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   RFC5280 specifies several extended key purpose identifiers
   (KeyPurposeIds) for X.509 certificates.  This document defines a
   general purpose document signing KeyPurposeId for inclusion in the
   Extended Key Usage (EKU) extension of X.509 public key certificates.
   Document Signing applications may require that the EKU extension be
   present and that a document signing KeyPurposeId be indicated in
   order for the certificate to be acceptable to that Document Signing

Working Group Summary

There is broad support for this document in the LAMPS WG.

During document adoption, a few peoples against the key idea, but no objections have been raised in the last year or during WGLC.

Document Quality

Several Certification Authorities (CAs) have expressed an intention to support this new extended key usage value.

This document makes use of ASN.1.  The document shepherd compiled the ASN.1 module after inserting placeholder values for the ones that need to be assigned by IANA.  It compiles without errors. 


* Document Shepherd: Russ Housley
* Responsible Area Director: Roman Danyliw

RFC Editor Note