On 5/11/23 12:33, Viktor Dukhovni wrote:
> On Thu, May 11, 2023 at 11:26:25AM -0400, Robert Moskowitz wrote:
>
>> In rfc5280:
>>
>> IssuerAltName ::= GeneralNames
>>
>> GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
>>
>> GeneralName ::= CHOICE {
>>      otherName                       [0]     OtherName,
>>      rfc822Name                      [1]     IA5String,
>>      dNSName                         [2]     IA5String,
>>      x400Address                     [3]     ORAddress,
>>      directoryName                   [4]     Name,
>>      ediPartyName                    [5]     EDIPartyName,
>>      uniformResourceIdentifier       [6]     IA5String,
>>      iPAddress                       [7]     OCTET STRING,
>>      registeredID                    [8]     OBJECT IDENTIFIER }
>>
>> So since I want a DET as IssuerAltName (e.g.
>> 20010030000000052aeb9adc1ce8b1ecO), it seems that iPAddress is the only
>> thing that works. So in the config file, I tried:
>
> No, you would use "otherName", which is a combination of an OID and
> corresponding data. You would register (if there isn't one already) a
> suitable OID for DET-values, and choose a suitable DET encoding to go
> with that OID.
ARGH!!! :)
I am struggling with OIDs right now. For now, I am using my IANA
Enterprise OID, 1.3.6.1.4.1.6715.2.6 for CERT RR with Private OID as
there is no OID to use. I am asking ICAO to use theirs, and hope to get
1.3.27.9 to work off of. But that can take lots of time to work through.
But I don't see otherName in the list above? How would I code
otherName? btw for my work with 802.1AR certs that need a SN in
subjectAltName I have used otherName.
And that has seemed to work for SAN, but what to do for IAN?
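
The otherName structure described in the reply above (an OID plus its data), DER-encoded as an IssuerAltName, as an added example that is not part of the original thread. It assumes a placeholder OID `2.999.1` (the example arc, not a registered DET OID), an OCTET STRING of the 16 raw DET bytes as the chosen encoding, and the first 32 hex digits of the DET quoted in the message.

```python
# Added example: build the DER for IssuerAltName { otherName { OID, DET } }.
# DET_OID is a placeholder under the 2.999 example arc (assumption), and
# "OCTET STRING of 16 raw bytes" is an assumed DET encoding for that OID.
DET_OID = "2.999.1"
DET_HEX = "20010030000000052aeb9adc1ce8b1ec"  # 32 hex digits of the DET in the thread
ID_CE_SUBJECT_ALT_NAME = "2.5.29.17"          # RFC 5280
ID_CE_ISSUER_ALT_NAME = "2.5.29.18"           # RFC 5280

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def base128(n):
    """One OID sub-identifier, 7 bits per byte, high bit set on all but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = base128(arcs[0] * 40 + arcs[1]) + b"".join(base128(a) for a in arcs[2:])
    return tlv(0x06, body)

def other_name(oid, value_der):
    # GeneralName otherName: [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
    return tlv(0xA0, encode_oid(oid) + tlv(0xA0, value_der))

def alt_name_value(det_hex, oid=DET_OID):
    """GeneralNames SEQUENCE holding one otherName that carries the DET."""
    det = bytes.fromhex(det_hex)
    if len(det) != 16:
        raise ValueError("a DET is 128 bits (16 bytes)")
    return tlv(0x30, other_name(oid, tlv(0x04, det)))

def extension(extn_id, det_hex):
    # Extension ::= SEQUENCE { extnID, extnValue OCTET STRING }, non-critical
    return tlv(0x30, encode_oid(extn_id) + tlv(0x04, alt_name_value(det_hex)))

if __name__ == "__main__":
    print(extension(ID_CE_ISSUER_ALT_NAME, DET_HEX).hex())
```

The GeneralNames bytes are identical for SAN and IAN; only the extension OID differs. In an OpenSSL config, issuerAltName accepts the same documented `otherName:<OID>;<type>:<value>` literal form that subjectAltName does.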