Whoops, I cut a new version just to snapshot an old "identifier" -> "ID" change hanging around in GitHub before I saw this message! Just replying to acknowledge this and that I did not ignore it intentionally! Will add this to the document, probably tomorrow. Thanks for putting that together!
On Mon, May 12, 2025 at 6:51 PM Russ Housley <[email protected]> wrote: > In addition, you could mandate that the extension can never be critical: > > ext-trustAnchorIdentifier EXTENSION ::= { > SYNTAX TrustAnchorIdentifier > IDENTIFIED BY id-pe-trustAnchorIdentifier > CRITICALITY { FALSE } } > > Russ > > > On May 12, 2025, at 4:44 PM, Russ Housley <[email protected]> wrote: > > > > Please include a full ASN.1 module in the document that follows the RFC > 5912 conventions for defining extensions. I have attached it. > > > > I have assumed that the module identifier and the OID for the extension > will be assigned from thr PKIX registries. > > > > Russ > > > > = = = = = = = > > > > <CODE BEGINS> > > TrustAnchorIdentifiers-2025 > > { iso(1) identified-organization(3) dod(6) internet(1) > > security(5) mechanisms(5) pkix(7) id-mod(0) > > id-mod-TrustAnchorIdentifiers-2025(TBD1) } > > > > DEFINITIONS EXPLICIT TAGS ::= > > BEGIN > > > > IMPORTS > > EXTENSION > > FROM PKIX-CommonTypes-2009 -- From [RFC5912] > > { iso(1) identified-organization(3) dod(6) > > internet(1) security(5) mechanisms(5) pkix(7) > > id-mod(0) id-mod-pkixCommon-02(57) }; > > > > -- Trust Anchor Identifiers Certificate Extension > > > > ext-TrustAnchorIdentifiers EXTENSION ::= { > > SYNTAX TrustAnchorIdentifier > > IDENTIFIED BY id-pe-trustAnchorIdentifier } > > > > id-pe-trustAnchorIdentifier OBJECT IDENTIFIER ::= { TBD2 } > > > > TrustAnchorIdentifier ::= RELATIVE-OID > > > > END > > <CODE ENDS> > > > >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
