Hi Paul,

SCEP requires a senderNonce and transactionID to be returned to the client requesting the certificate. Those two values are included in the signed message the client sends to the server, and then the server must take the two values and include them in the response to the client or the client is supposed to reject the response. This is not just adding an OID for a capability, it’s also adding a value to the OID which must be included in the signed response. Does x509.ObjectIdentifier allow something to the effect of 1.2.3.4=some random bytes or text?

Thanks,
Micah

> On Oct 4, 2015, at 4:59 PM, Paul Kehrer <paul.l.keh...@gmail.com> wrote:
>
> Micah,
>
> You can define any OID you want just by passing a string of the dotted value
> of the OID to the constructor of x509.ObjectIdentifier. You won't get the
> human readable name, but that's not a big deal. However, that class is really
> just a convenience and doesn't have any behavior so I'm not sure what benefit
> it would be to you when implementing SCEP. Could you elaborate a bit on what
> you're trying to do?
>
> -Paul (reaperhulk)
>
> On October 4, 2015 at 6:33:57 PM, Micah Baker (hacim.re...@gmail.com) wrote:
>
>> I’m attempting to build a SCEP server using cryptography and don’t see a way
>> to add OIDs not already defined by the module. If it is not possible to use
>> other real OIDs, can we add the half-dozen SCEP OIDs to cryptography? The
>> OIDs can be found here:
>> https://tools.ietf.org/html/draft-gutmann-scep-01#page-17. If someone is
>> willing to give me some pointers I could try to write a patch for this,
>> assuming it’s just a table of supported OIDs somewhere.
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev@python.org
>> https://mail.python.org/mailman/listinfo/cryptography-dev
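
An added illustration, not part of the thread and not code from the cryptography project: in CMS an OID is paired with its value inside an Attribute structure rather than inside the OID itself, and the stdlib-only code below DER-encodes the SCEP transactionID and nonce attributes a server returns. The OID values and value types are assumed from RFC 8894 (the thread only links the draft); `response_attributes` and its inputs are hypothetical names, and a full SCEP response also carries contentType, messageDigest, messageType and pkiStatus attributes.

```python
import os

# SCEP attribute OIDs, assumed from RFC 8894 (the thread only links the draft).
OID_TRANSACTION_ID = "2.16.840.1.113733.1.9.7"
OID_SENDER_NONCE = "2.16.840.1.113733.1.9.5"
OID_RECIPIENT_NONCE = "2.16.840.1.113733.1.9.6"

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted):
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, last byte has high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def attribute(oid, value_tlv):
    # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }
    return tlv(0x30, der_oid(oid) + tlv(0x31, value_tlv))

def response_attributes(transaction_id, request_sender_nonce):
    """Hypothetical helper: the echo-related signed attributes of a response.

    The transactionID is copied unchanged, the request's senderNonce comes
    back as recipientNonce, and the server adds a fresh senderNonce.
    """
    attrs = [
        attribute(OID_TRANSACTION_ID, tlv(0x13, transaction_id.encode("ascii"))),
        attribute(OID_RECIPIENT_NONCE, tlv(0x04, request_sender_nonce)),
        attribute(OID_SENDER_NONCE, tlv(0x04, os.urandom(16))),
    ]
    # DER sorts SET OF members by encoding. Tag 0x31 is the form that is
    # digested for the signature; inside SignerInfo the tag becomes 0xA0.
    return tlv(0x31, b"".join(sorted(attrs)))
```
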