On Jul 19, 2016, at 9:14 AM, Rob Austein <[email protected]> wrote: > At Tue, 19 Jul 2016 08:43:00 -0400, Russ Housley wrote: >> >> Does this apply to the Certificate Policy OID too? If memory is >> correct, the current CP has a normative pinter to RFC 3779. > > Good catch. > > Not sure a policy OID change is necessary, although might be simplest. > If there's a reference, we either need to change the OID or change the > definition of what the OID means. > > IIRC, the OpenSSL library code doesn't do anything RFC-3779-specific > for the policy OID, it just follows the usual rules; it's the RP code > built on top of the library that demands that particular policy OID. > So at least in the OpenSSL case, changing the policy OID may not have > any noticeable effect on correctness of software behavior.
During the SIDR session today, there seemed to be some confusion about which OIDs we are taking about. The first two are from RFC 3779. They appear here in the IANA registry: http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1 The two OIDs are: 1.3.6.1.5.5.7.1.7 id-pe-ipAddrBlocks 1.3.6.1.5.5.7.1.8 id-pe-autonomousSysIds In addition, RFC 6484 assigned an OID for the certificate policy. It appears here in the IANA registry: http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.14 The OID is: 1.3.6.1.5.5.7.14.2 id-cp-ipAddr-asNumber I think this is a very good candidate for early IANA code point allocation. I think that our AD can assist with that. Russ _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
