2.25. Add Section 8.7 - Authorizing Requests for Certificates with Specific EKUs

2.25. Add Section 8.7 - Authorizing Requests for Certificates with Specific EKUs

The following subsection addresses the security considerations to follow when authorizing requests for certificates containing specific EKUs.

Insert this section after new Section 8.6:

8.7. Authorizing Requests for Certificates with Specific EKUs

When a CA issues a certificate containing extended key usage extensions as defined in Section 4.5, this expresses delegation of an authorization that originally is only with the CA certificate itself. Such delegation is a very sensitive action in a PKI and therefore special care must be taken when approving such certificate requests to ensure that only legitimate entities receive a certificate containing such an EKU.