Skip to main content

X.509 Certificate Extended Key Usage (EKU) for (JOSE) and CBOR Object Signing and Encryption (COSE)

Document Type Replaced Internet-Draft (lamps WG)
Expired & archived
Authors Tirumaleswar Reddy.K , Jani Ekman , Daniel Migault
Last updated 2023-04-17
Replaced by draft-ietf-lamps-nf-eku
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state Candidate for WG Adoption
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-lamps-nf-eku
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


RFC 5280 specifies several extended key purpose identifiers (KeyPurposeIds) for X.509 certificates. This document defines JSON Web Signature (JWS), JSON Web Encryption (JWE), CBOR Object Web Signature (CWS) and CBOR Object Web Encryption (CWE) KeyPurposeIds inclusion in the Extended Key Usage (EKU) extension of X.509 public key certificates. An application processing JWS, JWE, CWS or CWE may require that the EKU extension be present and that a JWS, JWE, CWS or CWE KeyPurposeId be indicated in order for the certificate to be acceptable to validate the JWS or CWS signature or to encrypt a key in JWE or CWE.


Tirumaleswar Reddy.K
Jani Ekman
Daniel Migault

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)