Hello,
both X.509 and draft-zeilenga-ldap-x509 define the matching rules
certificateExactMatch and certificateMatch. Questions:
1. Where is the string encoding for these matching rules defined?
I have seen that in OpenLDAP a string like
((userCertificate=1357$o=truetrust ltd,c=gb))
works for certificateExactMatch; also RFC3876 (matched values only)
uses this string representation. But I can't find an RFC/I-D which
defines this string format.
2. certificateMatch is defined in X.509 as

certificateMatch MATCHING-RULE ::= {
  SYNTAX CertificateAssertion
  ID     id-mr-certificateMatch }

CertificateAssertion ::= SEQUENCE {
  serialNumber            [0]  CertificateSerialNumber  OPTIONAL,
  issuer                  [1]  Name                     OPTIONAL,
  subjectKeyIdentifier    [2]  SubjectKeyIdentifier     OPTIONAL,
  authorityKeyIdentifier  [3]  AuthorityKeyIdentifier   OPTIONAL,
  certificateValid        [4]  Time                     OPTIONAL,
  privateKeyValid         [5]  GeneralizedTime          OPTIONAL,
  subjectPublicKeyAlgID   [6]  OBJECT IDENTIFIER        OPTIONAL,
  keyUsage                [7]  KeyUsage                 OPTIONAL,
  subjectAltName          [8]  AltNameType              OPTIONAL,
  policy                  [9]  CertPolicySet            OPTIONAL,
  pathToName              [10] Name                     OPTIONAL,
  subject                 [11] Name                     OPTIONAL,
  nameConstraints         [12] NameConstraintsSyntax    OPTIONAL }

Is it possible to use this matching rule in LDAP? Is there any product
already supporting this matching rule?
E.g. it should be possible to search for certificates with
- keyUsage="keyEncipherment"
or
- subjectAltName "e-mail: [EMAIL PROTECTED]"
, right?
What would the string encoding be for these 2 examples?
Regards, Jochen.
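As an added illustration (not code from this message, OpenLDAP or any RFC): a small Python evaluator for the serialNumber$issuerDN assertion string quoted in question 1, plus the keyUsage component of certificateMatch from question 2, run against a constructed certificate record. The keyUsage semantics (bits named in the assertion must be a subset of the certificate's) and the simplified DN normalisation are my assumptions, not something the message establishes.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class CertInfo:
    """Subset of certificate fields needed for the two matching rules discussed."""
    serial: int
    issuer: str
    key_usage: frozenset = field(default_factory=frozenset)


def normalise_dn(dn: str) -> str:
    # Minimal DN normalisation: lower-case, drop blanks around RDN separators.
    # Real distinguishedNameMatch (RFC 4517) also handles attribute-type OIDs,
    # escaping and multi-valued RDNs; that is deliberately not reproduced here.
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_exact_assertion(assertion: str):
    """Parse the 'serialNumber$issuerDN' form into (int, normalised issuer DN)."""
    if "$" not in assertion:
        raise ValueError("expected serialNumber$issuerDN")
    serial_txt, issuer = assertion.split("$", 1)
    if not serial_txt.strip().isdigit():
        raise ValueError("serial number must be a decimal integer")
    return int(serial_txt), normalise_dn(issuer)


def certificate_exact_match(assertion: str, cert: CertInfo) -> bool:
    """certificateExactMatch: both serial number and issuer must be equal."""
    serial, issuer = parse_exact_assertion(assertion)
    return serial == cert.serial and issuer == normalise_dn(cert.issuer)


def key_usage_match(wanted: frozenset, cert: CertInfo) -> bool:
    """keyUsage component of certificateMatch (assumed semantics): every bit
    named in the assertion must also be set in the certificate."""
    return wanted <= cert.key_usage


# Constructed sample record for the demonstration; not a real certificate.
SAMPLE_CERT = CertInfo(
    serial=1357,
    issuer="O=TrueTrust Ltd, C=GB",
    key_usage=frozenset({"digitalSignature", "keyEncipherment"}),
)

if __name__ == "__main__":
    print(certificate_exact_match("1357$o=truetrust ltd,c=gb", SAMPLE_CERT))  # True
    print(key_usage_match(frozenset({"keyEncipherment"}), SAMPLE_CERT))       # True
```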