[TLS] CertificateRequest extension encoding

Ilari Liusvaara <ilariliusvaara@welho.com> Sun, 04 September 2016 10:56 UTC

Date: Sun, 04 Sep 2016 13:56:37 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: tls@ietf.org
Message-ID: <20160904105637.sjl4wmr2hc2mito6@LK-Perkele-V2.elisa-laajakaista.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/m1noRi15b0S3S0990jdphCcA90o>
Subject: [TLS] CertificateRequest extension encoding
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

How are the OIDs and values in CertificateRequest extensions encoded
exactly (I can't make it out from the text)?

Does the OID part have the ASN.1 OID TLV tag and length (e.g.
is EKU 0x55 0x1D 0x25 or 0x06 0x03 0x55 0x1D 0x25)?

And how is the value encoded? Using the same encoding as
extnValue payload of respective extension in X.509 certificates?
Or is it OID-specific (and if it is, what exactly goes to it
for EKU and KU? RFC 5280 ExtKeyUsageSyntax and KeyUsage?)

(Currently the text just refers to DER encoding, and in a
way that could be read to apply just to values).
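As an added worked example (not part of Ilari's mail or of any draft text), the Python below shows concretely what the two alternatives in the question look like on the wire: the bare OID content octets (0x55 0x1D 0x25 for EKU) next to the full DER TLV (0x06 0x03 0x55 0x1D 0x25), and the RFC 5280 extnValue payloads for EKU (ExtKeyUsageSyntax) and KU (KeyUsage) that the "same as X.509" reading would carry. All function names are this example's own. It does not settle which form the draft means; `parse_oid_either_form` exists to show that a receiver cannot reliably distinguish the two forms by inspection, which is why the specification has to say.

```python
"""Added example: DER encoding of OIDs and RFC 5280 extension values.

Constructed for illustration; not taken from any TLS draft or library.
"""
from typing import List, Tuple


def encode_base128(n: int) -> bytes:
    """Base-128 encoding of one OID arc, most significant group first."""
    if n < 0:
        raise ValueError("negative arc")
    groups = [n & 0x7F]
    n >>= 7
    while n:
        groups.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(groups))


def oid_contents(dotted: str) -> bytes:
    """Content octets of an OBJECT IDENTIFIER: no tag, no length."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    out = encode_base128(arcs[0] * 40 + arcs[1])
    for a in arcs[2:]:
        out += encode_base128(a)
    return out


def der_length(n: int) -> bytes:
    """DER definite-length encoding (short and long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, contents: bytes) -> bytes:
    return bytes([tag]) + der_length(len(contents)) + contents


def oid_tlv(dotted: str) -> bytes:
    """Full DER OBJECT IDENTIFIER: tag 0x06, length, content octets."""
    return der_tlv(0x06, oid_contents(dotted))


def decode_oid_contents(data: bytes) -> str:
    """Inverse of oid_contents; rejects a truncated final arc."""
    if not data or data[-1] & 0x80:
        raise ValueError("truncated OID")
    values, acc = [], 0
    for b in data:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            values.append(acc)
            acc = 0
    first = values[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + values[1:])


def parse_oid_either_form(data: bytes) -> Tuple[str, bool]:
    """Accept either bare content octets or a full TLV.

    Returns (dotted OID, True if a TLV wrapper was present).  This is a
    heuristic: a bare OID whose first arcs are 0.6 also starts with 0x06,
    so the two forms are not self-describing.  The wire format must be
    pinned down by the specification, not guessed by the parser.
    """
    if len(data) >= 2 and data[0] == 0x06 and data[1] < 0x80 and data[1] == len(data) - 2:
        return decode_oid_contents(data[2:]), True
    return decode_oid_contents(data), False


def ext_key_usage_value(purposes: List[str]) -> bytes:
    """RFC 5280 ExtKeyUsageSyntax: SEQUENCE OF KeyPurposeId (the EKU extnValue)."""
    if not purposes:
        raise ValueError("ExtKeyUsageSyntax requires at least one KeyPurposeId")
    return der_tlv(0x30, b"".join(oid_tlv(p) for p in purposes))


def key_usage_value(bits: List[int]) -> bytes:
    """RFC 5280 KeyUsage: DER BIT STRING (the KU extnValue).

    DER requires trailing zero bits to be dropped, so the length is taken
    from the highest set bit (digitalSignature=0, keyEncipherment=2, ...).
    """
    if not bits:
        return der_tlv(0x03, b"\x00")
    highest = max(bits)
    body = bytearray(highest // 8 + 1)
    for b in bits:
        body[b // 8] |= 0x80 >> (b % 8)
    unused = 7 - (highest % 8)
    return der_tlv(0x03, bytes([unused]) + bytes(body))


if __name__ == "__main__":
    print("EKU bare :", oid_contents("2.5.29.37").hex())
    print("EKU TLV  :", oid_tlv("2.5.29.37").hex())
    print("EKU value:", ext_key_usage_value(["1.3.6.1.5.5.7.3.1"]).hex())
    print("KU value :", key_usage_value([0, 2]).hex())
```

Running the module prints the EKU OID in both forms (`551d25` and `0603551d25`) followed by the two extnValue payloads; the purpose OIDs used are id-kp-serverAuth and id-kp-clientAuth from RFC 5280.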