Re: Attribute Certificate mysteries: Targets/targetInformation

Mon, 02 Jul 2007 11:37:22 -0700 

Hello,

This extension is not defined in RFC 3281 but in ITU-T X.509 recomendation.

Dani

Richard Levitte <[EMAIL PROTECTED]> dijo:


Hey,

I need some help understanding the EXTENSION ASN.1 type.  I haven't
been able to find ANY information on how it works and what it
corresponds to in ASN.1 1988 syntax, and it's quite possible I'm
getting so tired that my eyes are crossing, rendering me virtually
dyslectic...

Anyhow, in X.509, the extension for the targets attribute in attribute
certificates is coded like this:

   targetingInformation EXTENSION ::= {
         SYNTAX            SEQUENCE SIZE (1..MAX) OF Targets
         IDENTIFIED BY     id-ce-targetInformation }
   Targets     ::=    SEQUENCE SIZE (1..MAX) OF Target
   Target      ::=    CHOICE {
         targetName        [0]      GeneralName,
         targetGroup       [1]      GeneralName,
         targetCert        [2]      TargetCert }
   TargetCert ::=     SEQUENCE {
         targetCertificate IssuerSerial,
         targetName        GeneralName OPTIONAL,
         certDigestInfo    ObjectDigestInfo OPTIONAL }

I interpret that as the extension value being a
SEQUENCE OF SEQUENCE OF Target, but as I said, my understanding of the
EXTENSION type is nil, so I may be confused to the extreme.

However, the targetInformation type isn't defined at all in rfc 3281,
and if my interpretation above is correct, doesns't that constitute an
incompatibility of this extension?

If anyone can point me at a correct and understandable definition of
the EXTENSION type, I'd be extremely happy.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [EMAIL PROTECTED]
                                       http://richard.levitte.org/

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]





--
----
DANIEL DIAZ SANCHEZ
WebCartero
Universidad Carlos III de Madrid

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to