*However* the meaning of 'support' in the context of otherName is somewhat ambiguous. The actual value field can contain anything depending on the name field.
Yeah. I'd settle with being able to give an OID in the dotted decimal notation and the value in hex. That may be a simplistic opinion, but I figure I can build the application to take the data from internal to hex and vice versa (possibly even in accordance with ASN.1/?ER rules!).
Has anyone thought of this - if I declare an OID to be "this data is a pointer into my database" how do relying parties figure this out? As in, is there some way to retrieve the ASN.1 rules/interpretation at run time? Securely?
(I'd imagine an oid.arpa in DNS...e.g., 1.4.my-arc.oid.arpa would have a record describing the meaning of the OID (my-arc.4.1 of course), in perhaps an ASN RR, and of course DNSSEC protected. I can dream, can I?)
At some point (situation permitting) I may add some code to parse or print its contents automatically. That's a bit complex though because doing it properly would need some non-trivial modification of the extension code.
That's what I'm afraid of.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer

Sponge Bob Square Pants? I'm still trying to figure out the Macarena.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
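
The "OID in dotted decimal, value in hex" idea discussed in this message, as an added example that is not code from the thread or from OpenSSL: it builds and parses the DER of a subjectAltName otherName using the RFC 5280 definition. The function names are hypothetical, the sample uses the 2.999 example OID arc with a constructed value, and the hex value is assumed to already be one complete DER element.

```python
# otherName [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT ANY } (RFC 5280)
def tlv(tag, content):
    """One DER element, definite length, single-byte tag."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:   # first two arcs share one value
        chunk = [sub & 0x7F]                          # last byte: high bit clear
        while sub := sub >> 7:
            chunk.append(0x80 | (sub & 0x7F))         # earlier bytes: high bit set
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_other_name(dotted_oid, value_hex):
    # Assumption: value_hex is one complete DER element (the ANY value).
    return tlv(0xA0, encode_oid(dotted_oid) + tlv(0xA0, bytes.fromhex(value_hex)))

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_other_name(der):
    tag, body, end = read_tlv(der, 0)
    oid_tag, oid, pos = read_tlv(body, 0)
    val_tag, value, pos = read_tlv(body, pos)
    if (tag, oid_tag, val_tag) != (0xA0, 0x06, 0xA0) or end != len(der) or pos != len(body):
        raise ValueError("not an otherName")
    subs, cur = [], 0
    for b in oid:                                     # base-128 sub-identifiers
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subs, cur = subs + [cur], 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:])), value.hex()

SAMPLE = encode_other_name("2.999.1", "0c03614062")   # constructed: UTF8String "a@b"
```

The decoder returns the value as opaque hex because, as the message notes, its interpretation depends entirely on the type-id OID.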