"Dr. Stephen Henson" writes:
> > There are many certs in production use with policy extensions; the VeriSign
> > end entity certs should provide many examples.
> >
>
> Yes I know about those. Is there any documentation however on what the
> VeriSign policy extensions actually *mean*. The last time I looked it had a

I have assumed that they are identifiers tied to the CPS. The CPS URL in one of
the VeriSign end entity certs I have (the one shadowed in the document) has
this:

    7.1.6 Certificate Policy Object Identifier

    Where the Certificate Policies extension is used, Certificates contain
    the object identifier for the Certificate Policy corresponding to the
    appropriate Class of Certificate as set forth in CPS [section] 1.2. For
    legacy Certificates issued prior to the publication of the VTN CP which
    include the Certificate Policies extension, Certificates refer to the
    VeriSign CPS.

This section 1.2 says:

    1.2 Identification

    This document is the VeriSign Certification Practice Statement. VTN
    Certificates contain object identifier values corresponding to the
    applicable VTN Class of Certificate. Therefore, VeriSign has not
    assigned this CPS an object identifier value. Certificate Policy Object
    Identifiers are used in accordance with CPS [section] 7.1.6.

So at least in the case of VeriSign the OID probably refers to a particular CP,
while the URL points to a CPS. Don't know where the master list of policies
would be.