Re: [lamps] CSRATTRS specifying the SAN

Michael Richardson <mcr@sandelman.ca> Fri, 11 June 2021 17:10 UTC

From: Michael Richardson <mcr@sandelman.ca>
To: Eliot Lear <lear@lear.ch>, spasm@ietf.org
In-reply-to: <7384770c-3b0b-bbb1-bdd9-898719787e7e@lear.ch>
References: <83844291-5785-434E-8956-3FF81ECD761C@cisco.com> <9820.1618358856@localhost> <MW3PR11MB47462121627A10A62E006497DB369@MW3PR11MB4746.namprd11.prod.outlook.com> <26435.1623269725@localhost> <7384770c-3b0b-bbb1-bdd9-898719787e7e@lear.ch>
Comments: In-reply-to Eliot Lear <lear@lear.ch> message dated "Thu, 10 Jun 2021 15:01:29 +0200."
Date: Fri, 11 Jun 2021 13:10:26 -0400
Message-ID: <112587.1623431426@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Ju397ZoejIeXD1qL9P9AZp1xXfY>
Subject: Re: [lamps] CSRATTRS specifying the SAN

Eliot Lear <lear@lear.ch> wrote:
    > On 09.06.21 22:15, Michael Richardson wrote:
    >> I found the ASN.1 code in section 4.5.2 beyond my understanding, so I
    >> muddled through, since fortunately, there was an example.
    >>
    >> CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
    >>
    >> AttrOrOID ::= CHOICE {
    >>     oid        OBJECT IDENTIFIER,
    >>     attribute  Attribute }
    >>
    >> Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
    >>     type   ATTRIBUTE.&id({IOSet}),
    >>     values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }

    > Forgive me, I have indeed misread the line.  I do still have one
    > question.

    > I want to understand how to specify the fields that the CA/RA would
    > want filled in by the requestor.  For example, how would you say,
    > “please provide a SAN of the following form..." such as a serial#?

So, just to pick a nit... the serialNumber= attribute is part of the SubjectName
(not SAN).  But, it's all just OIDs as attributes.

You'd make a sequence
      SEQ [ OID-X520SerialNumber, SET["JABA1234"]]

and then you'd add this to your sequence of stuff you want.
I think that "JABA1234" would be of type printableString.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
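The encoding sketched in the reply above, as an added example that is not code from the thread, from RFC 7030 or from any EST implementation: a hand-rolled DER encoder and decoder for a CsrAttrs value that carries one bare OID (challengePassword, my addition) and one Attribute of the form SEQ [ OID-X520SerialNumber, SET["JABA1234"] ] with the value as a PrintableString, plus the base64 wrapping an EST /csrattrs response uses. All function names are mine; only the standard library is used, and the encoder and decoder cover just the tags CsrAttrs needs.

```python
# Added example, not code from the thread or from RFC 7030. Standard library only.
import base64

ID_AT_SERIAL_NUMBER = "2.5.4.5"                 # X.520 serialNumber (Subject RDN attribute, not a SAN)
ID_CHALLENGE_PASSWORD = "1.2.840.113549.1.9.7"  # PKCS#9 challengePassword (bare OID, my addition)

TAG_OID, TAG_PRINTABLE, TAG_SEQUENCE, TAG_SET = 0x06, 0x13, 0x30, 0x31
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")


def _length(n):
    """DER length octets: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + _length(len(content)) + content


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one octet, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("malformed OID %r" % dotted)
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def encode_printable(s):
    if not set(s) <= PRINTABLE:                 # reject anything outside the PrintableString alphabet
        raise ValueError("not a PrintableString: %r" % s)
    return tlv(TAG_PRINTABLE, s.encode("ascii"))


def attribute(oid, *values):
    """Attribute ::= SEQUENCE { type OID, values SET SIZE(1..MAX) OF ... }"""
    if not values:
        raise ValueError("Attribute needs at least one value")
    # DER orders SET OF members by their encodings, so sort the encoded values.
    return tlv(TAG_SEQUENCE, encode_oid(oid) + tlv(TAG_SET, b"".join(sorted(values))))


def csr_attrs(*items):
    """CsrAttrs ::= SEQUENCE OF AttrOrOID; items are already-encoded OIDs or Attributes."""
    return tlv(TAG_SEQUENCE, b"".join(items))


def _read_tlv(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:end], end


def decode_oid(content):
    if not content or content[-1] & 0x80:
        raise ValueError("bad OID content")
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def parse_csr_attrs(der):
    """Walk the AttrOrOID CHOICE: ('oid', o) for a bare OID, ('attribute', o, [(tag, bytes)]) for a SEQUENCE."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("CsrAttrs is not a single SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag == TAG_OID:
            items.append(("oid", decode_oid(content)))
        elif tag == TAG_SEQUENCE:
            t1, oid_c, p = _read_tlv(content, 0)
            t2, set_c, p = _read_tlv(content, p)
            if t1 != TAG_OID or t2 != TAG_SET or p != len(content) or not set_c:
                raise ValueError("malformed Attribute")
            values, q = [], 0
            while q < len(set_c):
                vt, vc, q = _read_tlv(set_c, q)
                values.append((vt, bytes(vc)))
            items.append(("attribute", decode_oid(oid_c), values))
        else:
            raise ValueError("AttrOrOID must be OID or SEQUENCE, got tag 0x%02x" % tag)
    return items


def example():
    """SEQ [ OID-X520SerialNumber, SET["JABA1234"] ] next to a bare OID; returns (DER, base64 body)."""
    der = csr_attrs(encode_oid(ID_CHALLENGE_PASSWORD),
                    attribute(ID_AT_SERIAL_NUMBER, encode_printable("JABA1234")))
    return der, base64.b64encode(der).decode("ascii")


def decode_csrattrs_response(b64_body):
    """What an EST client does with the /csrattrs body: base64-decode, then parse."""
    return parse_csr_attrs(base64.b64decode(b64_body))


if __name__ == "__main__":
    der, b64 = example()
    print(der.hex())
    print(b64)
    print(decode_csrattrs_response(b64))
```

The client side is where the parse matters: a CsrAttrs body from the CA/RA is untrusted input, so every length is bounds-checked, the CHOICE rejects any tag other than OID or SEQUENCE, and an Attribute must have a non-empty SET. When the client copies the serialNumber attribute into its CSR it goes into the Subject DN as an RDN, which is the nit in the reply above.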