6. Key Usage Bits
This section preserves the RFC text for X.509 SLH-DSA algorithm identifiers, including ASN.1, OIDs, AlgorithmIdentifier, id-slh-dsa-* and id-hash-slh-dsa-* names, DER examples, certificates, key usage, IANA registrations, and security requirements.
Original RFC Text
6. Key Usage Bits
The intended application for the key is indicated in the keyUsage
certificate extension; see Section 4.2.1.3 of [RFC5280]. If the
keyUsage extension is present in a certificate that indicates an id-
slh-dsa-* (Pure SLH-DSA) or id-hash-slh-dsa-* (HashSLH-DSA)
identifier in the SubjectPublicKeyInfo, then at least one of the
following MUST be present:
* digitalSignature
* nonRepudiation
* keyCertSign
* cRLSign
If the keyUsage extension is present in a certificate that indicates
an id-slh-dsa-* (Pure SLH-DSA) or id-hash-slh-dsa-* (HashSLH-DSA)
identifier in the SubjectPublicKeyInfo, then the following MUST NOT
be present:
* keyEncipherment
* dataEncipherment
* keyAgreement
* encipherOnly
* decipherOnly
Requirements about the keyUsage extension bits defined in [RFC5280]
still apply.