Possible Answers Never restrict usage Use rsaEncryption as public key OID Tie to the public key structure Would do a single usage restriction Use schema OID as public key OID Use a certificate extension Allows for multiple usages Parallels Key Usage Extension Schema OID restricts key usage |