[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Authority Key Identifier

To: "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
Subject: RE: Authority Key Identifier
From: "Jong 't, D (Dennis)" <D.Jong@xxxxxxxxxxxxxx>
Date: Thu, 24 Oct 2002 08:03:50 +0200
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Thank you all for the (quick) responses. I now have a better feeling of the
AKI. The suggested books/artickes are taken into consideration.

We need the AKI to be able to select the proper RA/CA combination for a
Certificate Roll-over. MS IIS will do this selection using an ISAPI
filter/extension. After the proper RA/CA are selected, RSA Keon will perform
a certificate update.

Met vriendelijke groet/with kind regards,
 
Dennis 't Jong
Technisch Specialist
Windows Server Management O&O - Beveiliging

Rabobank ICT           Tel:    +31 30 21 52772
Kamer ZL-R255          Fax:    +31 30 21 51893
Laan van Eikenstein 9  Mobiel: +31 6 24481180
3705 AR Zeist          Email:  D.Jong@xxxxxxxxxxxxxx 
                       Web:    http://www.RabobankICT.nl 



> -----Oorspronkelijk bericht-----
> Van: Hamrick, Matt [mailto:HamrickM@xxxxxxxxxxxxx]
> Verzonden: woensdag 23 oktober 2002 16:19
> Aan: 'Jong 't, D (Dennis)'
> CC: 'ietf-pkix@xxxxxxx'
> Onderwerp: RE: Authority Key Identifier
> 
> 
> Also... as a followup to Denis' response, you can find 
> information about
> ASN.1 and BER encoding in the X.680 family of specifications. 
> Burt Kalliski
> has also authored an article titled "a layman's guide to 
> ASN.1" You can
> search google or cryptonomicon.net to find the URLs for these 
> articles. As a
> fyi, most ITU specs cost money, but they allow people to 
> download two or
> three without charge each year. If you're going to spend 
> money trying to
> figure out ASN.1 and BER (and you really should figure these 
> things out if
> you have to do serious certificate work,) there are a couple 
> of books on
> ASN.1 I saw referenced on cryptonomicon.net. I think you 
> could go there or
> amazon.com and search for "ASN.1". I think I saw the book by Olivier
> Dubuisson and thought it was a reasonable introduction to the subject.
> 
> -----Original Message-----
> From: Jong 't, D (Dennis) [mailto:D.Jong@xxxxxxxxxxxxxx]
> Sent: Monday, October 21, 2002 7:29 AM
> To: 'ietf-pkix@xxxxxxx'
> Subject: Authority Key Identifier
> 
> 
> 
> LS,
> 
> I have a question regarding the Authority Key Identifier 
> (AKI) in an x509
> certificate. When we resolve the AKI from the "CERT_CONTEXT" 
> (MS IIS), it
> returns a 24 bytes structure, like:
> 30 16 80 14 b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 e2 df 
> 2f d5 20 69
> 
> The AKI should be 20 bytes long (RFC 2459, 4.2.1.2 using 160 
> bit SHA-1),
> like:
> b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 e2 df 2f d5 20 69
> 
> Does anyone know the purpose of those 4 trailing bytes? If 
> Yes, is it save
> to cut them off to substract the original AKI?
> 
> Met vriendelijke groet/with kind regards,
>  
> Dennis 't Jong
> Technisch Specialist
> Windows Server Management O&O - Beveiliging 
> 
> Rabobank ICT           Tel:    +31 30 21 52772
> Kamer ZL-R255          Fax:    +31 30 21 51893
> Laan van Eikenstein 9  Mobiel: +31 6 24481180
> 3705 AR Zeist          Email:  D.Jong@xxxxxxxxxxxxxx 
> Nederland              Web:    http://www.RabobankICT.nl 
> 
> 
> 
> 
> ================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
> de afzender direct te informeren door het bericht te retourneren. 
> ================================================
> The information contained in this message may be confidential 
> and is intended to be exclusively for the addressee. Should you 
> receive this message unintentionally, please do not use the contents 
> herein and notify the sender immediately by return e-mail.
> 
> 
> 


================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.

Prev by Date: RE: draft-ietf-pkix-logotypes-06.txt
Next by Date: Re: Authority Key Identifier
Previous by thread: Re: Authority Key Identifier
Next by thread: RE: Authority Key Identifier
Index(es):
- Date
- Thread