[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OIDs



I believe this question is appropriate for SSL talk. Flame me if it's
not. ;-)
I also cc:'ed the ietf group because I thought people would be
interested. 

With the newly defined X.509 extensions, I was wondering which products
(and in which releases) the following extensions would be supported for
SSL.

When I say supported, I don't mean they won't crash when they encounter
them, rather the product will use the information in the extension to do
some further processing, e.g., if the mime type indicates a CA cert,
does the Basic Constraints extension have to be set to CA? And which
Basic Constraints extension will it look for?

>#define ID_CE_1 "{ 2 5 29 1 }" /* authorityKeyIdentifier     */
>#define ID_CE_2 "{ 2 5 29 2 }" /* keyAttributes              */
>#define ID_CE_3 "{ 2 5 29 3 }" /* certificatePolicies        */
>#define ID_CE_4 "{ 2 5 29 4 }" /* keyUsageRestriction        */
>#define ID_CE_5 "{ 2 5 29 5 }" /* policyMapping              */
>#define ID_CE_6  "{ 2 5 29 6 }" /* subtreesConstraint        */
>#define ID_CE_7 "{ 2 5 29 7 }" /* subjectAltName             */
>#define ID_CE_8 "{ 2 5 29 8 }" /* issuerAltName              */
>#define ID_CE_9 "{ 2 5 29 9 }" /* subjectDirectoryAttributes */
>#define ID_CE_10 "{ 2 5 29 10 }" /* basicConstraints  x.509  */
>#define ID_CE_11 "{ 2 5 29 11 }" /* nameConstraints          */
>#define ID_CE_12 "{ 2 5 29 12 }" /* policyConstraints        */
>#define ID_CE_13 "{ 2 5 29 13 }" /* basicConstraints  9.55   */
>
>/* The following are the latest X.509 extensions */
>#define ID_CE_14  "{ 2 5 29 14 }" /* subjectKeyIdentifier     */
>#define ID_CE_15  "{ 2 5 29 15 }" /* keyUsage                 */
>#define ID_CE_16  "{ 2 5 29 16 }" /* privateKeyUsagePeriod    */
>#define ID_CE_17  "{ 2 5 29 17 }" /* subjectAltName           */
>#define ID_CE_18  "{ 2 5 29 18 }" /* issuerAltName            */
>#define ID_CE_19  "{ 2 5 29 19 }" /* basicConstraints         */
>#define ID_CE_20  "{ 2 5 29 20 }" /* cRLNumber    	      */
>#define ID_CE_21  "{ 2 5 29 21 }" /* cRLReason		      */
>#define ID_CE_31  "{ 2 5 29 31 }" /* cRLDistPoints            */
>#define ID_CE_32  "{ 2 5 29 32 }" /* certificatePolicies      */
>#define ID_CE_35  "{ 2 5 29 35 }" /* authorityKeyIdentifier   */
>
>
>Also, how widely accepted are the Netscape extensions. I know of at least one
>product that does not support them.
>
>#define ID_NET_1 "{ 2 16 840 1 113730 1 1 }" /* NetscapeCertType */
>#define ID_NET_2 "{ 2 16 840 1 113730 1 2 }" /* NetscapeBaseUrl */
>#define ID_NET_3 "{ 2 16 840 1 113730 1 3 }" /* NetscapeRevocationUrl */
>#define ID_NET_4 "{ 2 16 840 1 113730 1 4 }" /* NetscapeCaRevocationUrl */
>#define ID_NET_7 "{ 2 16 840 1 113730 1 7 }" /* NetscapeCertRenewalUrl */
>#define ID_NET_8 "{ 2 16 840 1 113730 1 8 }" /* NetscapeCaPolicyUrl */
>#define ID_NET_12 "{ 2 16 840 1 113730 1 12 }" /* NetscapeSSLServerName */
>#define ID_NET_13 "{ 2 16 840 1 113730 1 13 }" /* NetscapeComment */
>