rfc9509v4.txt   rfc9509.txt 
Internet Engineering Task Force (IETF) T. Reddy.K Internet Engineering Task Force (IETF) T. Reddy.K
Request for Comments: 9509 J. Ekman Request for Comments: 9509 J. Ekman
Category: Standards Track Nokia Category: Standards Track Nokia
ISSN: 2070-1721 D. Migault ISSN: 2070-1721 D. Migault
Ericsson Ericsson
January 2024 March 2024
X.509 Certificate Extended Key Usage (EKU) for 5G Network Functions X.509 Certificate Extended Key Usage (EKU) for 5G Network Functions
Abstract Abstract
RFC 5280 specifies several extended key purpose identifiers RFC 5280 specifies several extended key purpose identifiers
(KeyPurposeIds) for X.509 certificates. This document defines (KeyPurposeIds) for X.509 certificates. This document defines
encrypting JSON objects in HTTP messages, using JSON Web Tokens encrypting JSON objects in HTTP messages, using JSON Web Tokens
(JWTs), and signing the OAuth 2.0 access tokens KeyPurposeIds for (JWTs), and signing the OAuth 2.0 access tokens KeyPurposeIds for
inclusion in the Extended Key Usage (EKU) extension of X.509 v3 inclusion in the Extended Key Usage (EKU) extension of X.509 v3
skipping to change at line 65 skipping to change at line 65
4. Including the Extended Key Purpose in Certificates 4. Including the Extended Key Purpose in Certificates
5. Implications for a Certification Authority 5. Implications for a Certification Authority
6. Security Considerations 6. Security Considerations
7. Privacy Considerations 7. Privacy Considerations
8. IANA Considerations 8. IANA Considerations
9. References 9. References
9.1. Normative References 9.1. Normative References
9.2. Informative References 9.2. Informative References
Appendix A. ASN.1 Module Appendix A. ASN.1 Module
Acknowledgments Acknowledgments
Contributors Contributor
Authors' Addresses Authors' Addresses
1. Introduction 1. Introduction
The operators of 5G ("fifth generation") systems as defined by 3GPP The operators of 5G ("fifth generation") systems as defined by 3GPP
make use of an internal PKI to generate X.509 PKI certificates for make use of an internal PKI to generate X.509 PKI certificates for
the Network Functions (NFs) (Section 6 of [TS23.501]) in a 5G System. the Network Functions (NFs) (Section 6 of [TS23.501]) in a 5G System.
The certificates are used for the following purposes: The certificates are used for the following purposes:
* Client and Server certificates for NFs in 5G Core (5GC) Service * Client and Server certificates for NFs in 5G Core (5GC) Service
skipping to change at line 437 skipping to change at line 437
Acknowledgments Acknowledgments
We would like to thank Corey Bonnell, Ilari Liusvaara, Carl Wallace, We would like to thank Corey Bonnell, Ilari Liusvaara, Carl Wallace,
and Russ Housley for their useful feedback. Thanks to Yoav Nir for and Russ Housley for their useful feedback. Thanks to Yoav Nir for
the secdir review, Elwyn Davies for the genart review, and Benson the secdir review, Elwyn Davies for the genart review, and Benson
Muite for the intdir review. Muite for the intdir review.
Thanks to Paul Wouters, Lars Eggert, and Éric Vyncke for the IESG Thanks to Paul Wouters, Lars Eggert, and Éric Vyncke for the IESG
review. review.
Contributors Contributor
The following individuals have contributed to this document: The following individual has contributed to this document:
German Peinado German Peinado
Nokia Nokia
Email: german.peinado@nokia.com Email: german.peinado@nokia.com
Authors' Addresses Authors' Addresses
Tirumaleswar Reddy.K Tirumaleswar Reddy.K
Nokia Nokia
India India
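Review bot: check that no other text still refers to a "Contributors" section now that the heading is renamed to "Contributor". This diff updates the table-of-contents entry and the section heading, but the skipped regions are not shown, so a leftover plural reference there would not be visible here. The singular sentence "The following individual has contributed to this document:" agrees with the single entry listed under it (German Peinado).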
 End of changes. 4 change blocks. 
4 lines changed or deleted 4 lines changed or added

This html diff was produced by rfcdiff 1.48.