RFC 4211 is also somewhat ambiguous. It says:

   CertTemplate ::= SEQUENCE {
      version      [0] Version               OPTIONAL,
      serialNumber [1] INTEGER               OPTIONAL,
      signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
      issuer       [3] Name                  OPTIONAL,
      validity     [4] OptionalValidity      OPTIONAL,
      subject      [5] Name                  OPTIONAL,
      publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
      issuerUID    [7] UniqueIdentifier      OPTIONAL,
      subjectUID   [8] UniqueIdentifier      OPTIONAL,
      extensions   [9] Extensions            OPTIONAL }

And:

      serialNumber MUST be omitted.  This field is assigned by the CA
      during certificate creation.

      signingAlg MUST be omitted.  This field is assigned by the CA
      during certificate creation.

If it "MUST be omitted", it is not optional. So, a document updating RFC 4211 
to fix this error, at least for the limited use of CT, seems fine.

--Paul Hoffman
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
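
A check for the constraint quoted in the message above, as an added example that is not part of the original message or of any RFC: it walks the top-level tags of a DER-encoded CertTemplate and reports serialNumber [1] or signingAlg [2] when present. The function names and sample bytes are constructed for illustration.

```python
# Added example: the ASN.1 marks these fields OPTIONAL, the RFC 4211 prose
# says they MUST be omitted, so a receiver has to enforce that itself.
FIELD_NAMES = ["version", "serialNumber", "signingAlg", "issuer", "validity",
               "subject", "publicKey", "issuerUID", "subjectUID", "extensions"]
MUST_BE_OMITTED = {"serialNumber", "signingAlg"}


def read_tlv(buf, pos):
    """Return (tag_byte, value_bytes, next_pos) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not used by CertTemplate")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def forbidden_fields(der):
    """List the MUST-be-omitted fields present in a DER CertTemplate."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    found, pos, last = [], 0, -1
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        num = tag & 0x1F
        # Every field is context-tagged [0]..[9] and must appear in order.
        if tag & 0xC0 != 0x80 or num > 9 or num <= last:
            raise ValueError("unexpected or out-of-order tag 0x%02x" % tag)
        last = num
        if FIELD_NAMES[num] in MUST_BE_OMITTED:
            found.append(FIELD_NAMES[num])
    return found


# Constructed samples; field values are placeholders, only the tags matter.
CLEAN = bytes.fromhex("3004a5023000")                  # subject only
VIOLATING = bytes.fromhex("300b810105a2023000a5023000")  # [1], [2], subject
```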