On Wed, Jul 01, 2020 at 06:47:32PM -0400, Michael Richardson wrote:
>
> As I understand the diff, AcpNodeName seems to be a new extension,
> not a SubjectAltName extension, but an extension?

No, i think this is why Russ was adamant to have subjectAltName mentioned.
It is just a new otherName and can therefore theoretically be used
everywhere a GeneralName can be used. It MUST be in a
subjectAltName / otherName to name the subject. It _could_ be in
IssuerAltName if for example an ACP node is a subCA etc. pp. It could be
used in IDr / IDi in IPsec too.

> I found it difficult, reading RFC5912 to figure out where id-on was located,
> and I had to go into
>
> https://www.iana.org/assignments/smi-numbers/smi-numbers.xml#smi-numbers-1.3.6.1.5.5.7.0
> to see.
>
> Throughout 5912, we have:
>   id-pkix OBJECT IDENTIFIER ::=
>     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
>     mechanisms(5) pkix(7)}
>
> while ACP says:
>
>   id-pkix
>   FROM PKIX1Explicit-2009
>     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
>     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } ;

i took pretty much the whole ASN.1 block from RFC8398, given how nobody was
jumping forward to suggest writing the ASN.1 code. This RFC looked like the
newest/best template for a new string type otherName.

> and while I understand that these are "local" variables, it does make
> figuring stuff out difficult. May I request that the above link
> (smi-numbers.xml ) go into a comment? maybe that's not often done.

Can you pls. suggest explicit text, because i am just winging this ASN.1
stuff by stealing text from prior RFCs.

> The IANA section is a bit of a clearer pointer, but I sure wish we'd point
> people straight at the place we mean by URL.

Suggest text, or pull request pls. I just tried to stay on the safe side,
doing what prior RFCs did. Pasting a Title into Google is typically a better
way to find stuff than hoping URLs don't change, although IANA is pretty
stable (never try URL with any vendor WWW server ;-).

Cheers
    Toerless

> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima

--
---
[email protected]
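
Added example, not part of the original message or of the draft: a minimal DER sketch of the point made in the reply, that the new name is an otherName inside a GeneralName, so the same bytes fit any GeneralNames field such as subjectAltName or issuerAltName. The final OID arc, the IA5String value type, and the sample names are constructed assumptions; id-pkix comes from the quoted ASN.1 and id-on is arc 8 beneath it.

```python
ID_PKIX = (1, 3, 6, 1, 5, 5, 7)      # arcs from the ASN.1 quoted in the thread
ID_ON = ID_PKIX + (8,)               # id-on arc, per the IANA SMI registry
PLACEHOLDER_OID = ID_ON + (99999,)   # constructed placeholder, not the assigned arc

def tlv(tag, body):
    n = len(body)
    if n < 0x80:                     # short-form DER length
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def enc_oid(arcs):
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:            # base-128, high bit marks continuation
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def other_name(oid, text):
    # otherName [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
    value = tlv(0xA0, tlv(0x16, text.encode("ascii")))  # IA5String: assumption
    return tlv(0xA0, enc_oid(oid) + value)

def read_tlv(buf, pos):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                     # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def other_name_values(general_names, oid):
    """Text of each otherName with this type-id in a DER GeneralNames."""
    want, found, pos = enc_oid(oid), [], 0
    seq = read_tlv(general_names, 0)[1]
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)
        if tag == 0xA0 and body.startswith(want):   # [0] = otherName
            wrapped = read_tlv(body, len(want))[1]
            found.append(read_tlv(wrapped, 0)[1].decode("ascii"))
    return found

# Constructed GeneralNames: one dNSName [2] plus the otherName
SAMPLE = tlv(0x30, tlv(0x82, b"node.example") + other_name(PLACEHOLDER_OID, "node1@acp.example"))
```

A verifier that names the subject from this otherName should match on the exact type-id OID, as `other_name_values` does, rather than accepting any `[0]` entry it finds in the extension.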
