Hi,
I thought it could look like this (see below).
The node ID is placed in the URI field.
There's also a name (rfc822name) placed in the SubjectAltName under
the "email" Attribute.
Any comments on that?
Cheers,
Frederic
// -----------------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Hessen, L=Darmstadt, O=P2P SIP, CN=P2P SIP Root CA/[email protected]
        Validity
            Not Before: Feb 17 13:10:43 2010 GMT
            Not After : Feb 17 13:10:43 2011 GMT
        Subject: C=DE, ST=Hessen, O=P2P SIP, OU=R&D, CN=Somewhat
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                99:C0:70:B7:EE:9E:93:B4:5E:DC:AF:69:1C:88:72:E9:EC:68:DF:B8
            X509v3 Authority Key Identifier:
                keyid:BB:7F:34:F1:85:9E:EE:31:9F:C6:40:62:73:D3:E7:E4:35:58:FE:68
                DirName:/C=DE/ST=Hessen/L=Darmstadt/O=P2P SIP/CN=P2P SIP Root CA/[email protected]
                serial:87:8B:21:B0:5B:B7:1D:4D
            Netscape CA Revocation Url:
                https://1.2.3.4/example-ca-crl.pem
            X509v3 Subject Alternative Name:
                email:[email protected], URI:42
    Signature Algorithm: sha1WithRSAEncryption
On Tue, Feb 23, 2010 at 12:05 AM, neil.young <[email protected]> wrote:
> Sorry, may I raise this question again?
> TIA
> Regards
>
>
> RELOAD BASE 07,
>
> 10.3.
> One or more Node-IDs which MUST be cryptographically random
> [RFC4086]. Each MUST be chosen by the enrollment server in such a
> way that they are unpredictable to the requesting user. Each is
> placed in the subjectAltName using the uniformResourceIdentifier
> type and MUST contain RELOAD URIs as described in Section 13.12
> and MUST contain a Destination list with a single entry of type
> "node_id".
>
> Could anybody please give me a pointer as to what such a record may look like? A
> sample would be of help.
> Thanks
>
>
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
>
>
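An added illustration, not part of either message and not taken from the draft: a standard-library Python check that a subjectAltName URI entry carries a RELOAD URI whose Destination list holds exactly one node entry. The `reload://<hex>@<overlay>/` syntax, the type value 1, the one-byte length field and the 16-byte Node-ID size are assumptions taken from the later published RFC 6940 and may differ in base-07; the overlay name and the SAN line are constructed.

```python
import re
import secrets

NODE = 1          # DestinationType "node" (assumed, from RFC 6940)
NODE_ID_LEN = 16  # Node-ID size in bytes (assumed default)
# Assumed syntax: reload://<hex Destination list>@<overlay>/[<hex specifier>]
RELOAD_URI = re.compile(r"reload://([0-9A-Fa-f]+)@([A-Za-z0-9.-]+)/([0-9A-Fa-f]*)")


def make_node_uri(node_id: bytes, overlay: str) -> str:
    """Encode a single 'node' Destination (type, length, Node-ID) as a URI."""
    dest = bytes([NODE, len(node_id)]) + node_id
    return f"reload://{dest.hex()}@{overlay}/"


def node_id_from_uri(uri: str) -> bytes:
    """Return the Node-ID; raise ValueError unless exactly one node entry."""
    m = RELOAD_URI.fullmatch(uri)
    if not m:
        raise ValueError("not a RELOAD URI")
    dest = bytes.fromhex(m.group(1))  # ValueError on an odd number of digits
    if len(dest) < 2 or dest[0] != NODE:
        raise ValueError("first Destination is not of type node")
    if dest[1] != NODE_ID_LEN or len(dest) != 2 + NODE_ID_LEN:
        raise ValueError("Destination list is not one 16-byte Node-ID")
    return dest[2:]


def san_node_ids(san_line: str):
    """Check every URI entry of an openssl-style subjectAltName line."""
    accepted, rejected = [], []
    for entry in san_line.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind != "URI":
            continue  # email, DNS, ... entries are not Node-IDs
        try:
            accepted.append(node_id_from_uri(value))
        except ValueError as exc:
            rejected.append((value, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: a fresh random Node-ID next to a bare "URI:42".
    uri = make_node_uri(secrets.token_bytes(NODE_ID_LEN), "overlay.example.org")
    ok, bad = san_node_ids(f"email:user@example.org, URI:42, URI:{uri}")
    print("accepted:", [n.hex() for n in ok])
    print("rejected:", bad)
```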