Re: Object names

2000-09-26 Thread Michael Ströder
Richard Levitte - VMS Whacker wrote: michael Again: The only reference to an attribute type is the OID! I know that. Unfortunately, there are applications out there that attempt to use the textual representation of a DN. One perfect example is LDAP anytime you search for anything (at

Re: OCSP and issuerNameHash (was: Object names)

2000-09-26 Thread Richard Levitte - VMS Whacker
From: Michael Ströder [EMAIL PROTECTED] michael Have you read RFC2560 properly? You can have responders that answer michael for other CA's. Multiple CA's even. michael michael I know that. But is the DER-encoding of the issuerName always michael the same? It's supposed to be

RE: OCSP and issuerNameHash (was: Object names)

2000-09-26 Thread Oscar Jacobsson
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Levitte - VMS Whacker Sent: 26 September 2000 13:58 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: OCSP and issuerNameHash (was: Object names) Unless we can assume

Re: OCSP and issuerNameHash (was: Object names)

2000-09-26 Thread Richard Levitte - VMS Whacker
From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] levitte Unless we can assume that the same order will be preserved, levitte verification would be impossible. Think about it, a DN can have levitte multiple RDNs of the same type. Does DC ring a bell? Bleah. I wasn't reading things

Re: OCSP and issuerNameHash (was: Object names)

2000-09-26 Thread Michael Ströder
Oscar Jacobsson wrote: RelativeDistinguishedNames themselves contain a SET OF AttributeTypeAndValue in order to facilitate multi-value RDNs. [..] OU=Sales+CN=J. Smith,O=Widget Inc.,C=US ^ That's exactly what I meant. I'm currently in the process of writing a Python class for

RE: OCSP and issuerNameHash (was: Object names)

2000-09-26 Thread Oscar Jacobsson
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Stroder Sent: 26 September 2000 14:45 To: [EMAIL PROTECTED] Subject: Re: OCSP and issuerNameHash (was: Object names) I'm currently in the process of writing a Python class for X.500 names

Re: OCSP and issuerNameHash (was: Object names)

2000-09-26 Thread Rich Salz
IMHO at least this type definition containing SET OF might lead to different DER-encodings Nope. As others have pointed out DER defines a unique encoding for "SET OF" You might want to look at i2d_ASN1_SET in crypto/a_set.c Can somebody with real OCSP experience say anything about this? I

Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
I wonder, is there any document somewhere that can tell us how the different objects should really be named? As it currently looks, most names are created ad-hoc. I've just been hit with a problem where the naming of OID 1.2.840.113549.1.9.1 varies. When that is part of the CN rdn using

Re: Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
I just found RFC2253, so that one doesn't have to be pointed out to me :-). -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10 Procurator Odiosus Ex Infernis

SV: Object names

2000-09-25 Thread Hellan,Kim KHE
there (including the names). Just my 2c. Best regards Kim Hellan KMD / KMD-CA http://www.kmd-ca.dk Mailto:[EMAIL PROTECTED] -Original Message- From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]] Sent: 25 September 2000 13:50 To: [EMAIL PROTECTED] Subject: Object names

Re: Object names

2000-09-25 Thread Michael Ströder
Richard Levitte - VMS Whacker wrote: I wonder, is there any document somewhere that can tell us how the different objects should really be named? Currently there is no such central document since everybody is free to define OIDs after getting an OID arc. Not even a central registry exists.

Re: SV: Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
From: "Hellan,Kim KHE" [EMAIL PROTECTED] khe http://www.alvestrand.no/objectid/ khe khe I think you can find most of the OpenSSL predefined OID's there khe (including the names). I know about alvestrand. Guess what? 1.2.840.113549.1.9.1 is named "e-mailAddress" there. Also, anyone can

Re: Object names

2000-09-25 Thread Michael Ströder
Richard Levitte - VMS Whacker wrote: I just found RFC2253, so that one doesn't have to be pointed out to me :-). But this does not help much with attribute type naming. It only says: - If the AttributeType is in a published table of

RE: SV: Object names

2000-09-25 Thread Frank Balluffi
- VMS Whacker [mailto:[EMAIL PROTECTED]] Sent: Monday, September 25, 2000 10:24 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: SV: Object names From: "Hellan,Kim KHE" [EMAIL PROTECTED] khe http://www.alvestrand.no/objectid/ khe khe I think you can find most of t

Re: Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
From: Michael Ströder [EMAIL PROTECTED] michael Currently there is no such central document since everybody is free michael to define OIDs after getting an OID arc. Not even a central registry michael exists. For registering OIDs it's sufficient that the owner of the michael parent

RE: SV: Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
From: Frank Balluffi [EMAIL PROTECTED] frankb My experience has been that you need to consult each standard frankb separately. RFC 2459 is good in that it includes object frankb identifiers from a bunch of standards, including the PKCS frankb standards, and the X.5 standards (e.g., X.509 and

Re: Object names

2000-09-25 Thread Jean-Marc Desperrier
Michael Ströder wrote: Currently there is no such central document since everybody is free to define OIDs after getting an OID arc. Not even a central registry exists. No official central registry, yes, but at least there is this non-official one: http://www.alvestrand.no/objectid/ It's

Re: Object names

2000-09-25 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: Michael Ströder wrote: Currently there is no such central document since everybody is free to define OIDs after getting an OID arc. Not even a central registry exists. No official central registry, yes, but at least there is this non-official one:

Re: Object names

2000-09-25 Thread Michael Ströder
Richard Levitte - VMS Whacker wrote: But for example, the "legal" shortnames for the DN attributes should be available somewhere. Can you list a limited set of attribute types for certificate DNs? I can't. I did find some in RFC2253, and I'm pretty sure there are more in some X.500 or

Re: Object names

2000-09-25 Thread Erwann ABALEA
On Mon, 25 Sep 2000, Michael Ströder wrote: Jean-Marc Desperrier wrote: No official central registry, yes, but at least there is this non-official one: http://www.alvestrand.no/objectid/ Thank you. I already knew that one. It's quite complete, while sure not comprehensive.

RE: SV: Object names

2000-09-25 Thread Oscar Jacobsson
Richard Levitte wrote: And still, short names have been used for a while, since they do appear in X.400 addresses and in DNs a little here and there. Pardon me for butting in to the discussion this late, but is this really an issue of short or long names? I think the core problem at hand

Re: Object names

2000-09-25 Thread Michael Ströder
Richard Levitte - VMS Whacker wrote: But I guess that the right way would be to make it less humanly readable and use the hash of the issuer DN, the same way it should be done according to RFC2560... RFC2560: "issuerNameHash is the hash of the Issuer's distinguished name. The hash shall be

Re: Object names

2000-09-25 Thread Dr S N Henson
Michael Ströder wrote: Richard Levitte - VMS Whacker wrote: X509_NAME_oneline(), it's displayed as "/Email=...". Other products, like the JDK, seem to name it "/EmailAddress=...". As you can see, that will create a problem when you try to use the representation used by one system

Re: Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
From: Michael Ströder [EMAIL PROTECTED] michael Richard Levitte - VMS Whacker wrote: michael michael But for example, the michael "legal" shortnames for the DN attributes should be available michael somewhere. michael michael Can you list a limited set of attribute types for

RE: SV: Object names

2000-09-25 Thread Richard Levitte - VMS Whacker
From: "Oscar Jacobsson" [EMAIL PROTECTED] oscar.jacobsson 'commonName' and 'cn' are not long and short names oscar.jacobsson for 2.5.4.3, rather ASN.1 and UTF-8 (string) names. Hmm, that (and the rest of your explanation) made the whole thing a bit more comprehensible. Thanks, buddy. --