Toerless Eckert <[email protected]> wrote: > I remember from Berlin that you wanted to suggest a better > format/encoding for the AN domain certificate to indicate a > pledge/devices ACP address. I have not seen a followup re. this item (i > apologize in case i have overlooked an email re. this).
Hi. sorry to have not replied to your email. My thought was that we should have an actual subjectAltName otherName entry. I had originally proposed defining a new OID for the IID part of the address, leaving the upper bits up to the RPL PIO. There are other options are to use the subjectAltName iPAddress choice. See https://tools.ietf.org/html/rfc5280#section-4.2.1.6 I think that I proposed text that would allocate an EUI64 OID for the certificate. (I have operational code using mbedtls (client) and openssl (CA) to do things using an OID from my ORG_SANDELMAN (46930) PEN.) If the WG has consensus on this, then I'll dig the text up. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
