Re: [Acme] Proposal for adding arbitrary CA-specific name-value pairs to registration object

Hugo Landau Tue, 04 Oct 2016 07:44:51 -0700

> One way to accomplish this in the protocol is to simply add a "ca-extension" 
> object to the registration object, where the "ca-extension" object is an 
> array of name-value pairs of strings. For example:
> 
> {
>   "protected": base64url({
>    "alg": "ES256",
>    "jwk": {...},
>    "nonce": "6S8IqOGY7eL2lsGoTZYifg",
>    "url": "https://example.com/acme/new-reg";
>   })
>   "payload": base64url({
>    "contact": [
>      "mailto:[email protected]";,
>      "tel:+12025551212"
>    ],
>    "ca-extension": [
>      "<ca-ext-name-1>": "<ca-ext-value-1>",
>      "<ca-ext-name-2>": "<ca-ext-value-2>"
>    ]
>   }),
>   "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I"
> }
Surely vendorized keys would be better:


    {
      "com.example.blorpNo": "BLORP122946"
    }

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Proposal for adding arbitrary CA-specific name-value pairs to registration object

Reply via email to