Hi Russ, Thank you for the pointers. I am traveling now but I will get back to it.
Thanks Tim > On 21 Jul 2016, at 10:56, Russ Housley <[email protected]> wrote: > > > On Jul 19, 2016, at 9:14 AM, Rob Austein <[email protected] > <mailto:[email protected]>> wrote: > >> At Tue, 19 Jul 2016 08:43:00 -0400, Russ Housley wrote: >>> >>> Does this apply to the Certificate Policy OID too? If memory is >>> correct, the current CP has a normative pinter to RFC 3779. >> >> Good catch. >> >> Not sure a policy OID change is necessary, although might be simplest. >> If there's a reference, we either need to change the OID or change the >> definition of what the OID means. >> >> IIRC, the OpenSSL library code doesn't do anything RFC-3779-specific >> for the policy OID, it just follows the usual rules; it's the RP code >> built on top of the library that demands that particular policy OID. >> So at least in the OpenSSL case, changing the policy OID may not have >> any noticeable effect on correctness of software behavior. > > During the SIDR session today, there seemed to be some confusion about which > OIDs we are taking about. > > The first two are from RFC 3779. They appear here in the IANA registry: > http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1 > > <http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1> > > The two OIDs are: > 1.3.6.1.5.5.7.1.7 id-pe-ipAddrBlocks > 1.3.6.1.5.5.7.1.8 id-pe-autonomousSysIds > > In addition, RFC 6484 assigned an OID for the certificate policy. It appears > here in the IANA registry: > http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.14 > > <http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.14> > > The OID is: > 1.3.6.1.5.5.7.14.2 id-cp-ipAddr-asNumber > > I think this is a very good candidate for early IANA code point allocation. > I think that our AD can assist with that. > > Russ > > _______________________________________________ > sidr mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/sidr > <https://www.ietf.org/mailman/listinfo/sidr>
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
