I've added the ASN.1 module to the GitHub copy, tweaked slightly (been trying to switch from "identifier" to "ID" and it looked like id-mod-* tended to be lowercase, so I've matched that). Thanks so much for the example! Let me know if I got any of that wrong. https://github.com/tlswg/tls-trust-anchor-ids/commit/dc9906a8db09d781f951467595b936d4dac4716d
On Wed, May 14, 2025 at 5:50 PM David Benjamin <david...@google.com> wrote:

> Whoops, I cut a new version just to snapshot an old "identifier" -> "ID"
> change hanging around in GitHub before I saw this message! Just replying to
> acknowledge this and that I did not ignore it intentionally! Will add this
> to the document, probably tomorrow. Thanks for putting that together!
>
> On Mon, May 12, 2025 at 6:51 PM Russ Housley <hous...@vigilsec.com> wrote:
>
>> In addition, you could mandate that the extension can never be critical:
>>
>>   ext-trustAnchorIdentifier EXTENSION ::= {
>>     SYNTAX TrustAnchorIdentifier
>>     IDENTIFIED BY id-pe-trustAnchorIdentifier
>>     CRITICALITY { FALSE } }
>>
>> Russ
>>
>> > On May 12, 2025, at 4:44 PM, Russ Housley <hous...@vigilsec.com> wrote:
>> >
>> > Please include a full ASN.1 module in the document that follows the RFC 5912 conventions for defining extensions. I have attached it.
>> >
>> > I have assumed that the module identifier and the OID for the extension will be assigned from the PKIX registries.
>> >
>> > Russ
>> >
>> > = = = = = = =
>> >
>> > <CODE BEGINS>
>> > TrustAnchorIdentifiers-2025
>> >   { iso(1) identified-organization(3) dod(6) internet(1)
>> >     security(5) mechanisms(5) pkix(7) id-mod(0)
>> >     id-mod-TrustAnchorIdentifiers-2025(TBD1) }
>> >
>> > DEFINITIONS EXPLICIT TAGS ::=
>> > BEGIN
>> >
>> > IMPORTS
>> >   EXTENSION
>> >   FROM PKIX-CommonTypes-2009 -- From [RFC5912]
>> >     { iso(1) identified-organization(3) dod(6)
>> >       internet(1) security(5) mechanisms(5) pkix(7)
>> >       id-mod(0) id-mod-pkixCommon-02(57) };
>> >
>> > -- Trust Anchor Identifiers Certificate Extension
>> >
>> > ext-TrustAnchorIdentifiers EXTENSION ::= {
>> >   SYNTAX TrustAnchorIdentifier
>> >   IDENTIFIED BY id-pe-trustAnchorIdentifier }
>> >
>> > id-pe-trustAnchorIdentifier OBJECT IDENTIFIER ::= { TBD2 }
>> >
>> > TrustAnchorIdentifier ::= RELATIVE-OID
>> >
>> > END
>> > <CODE ENDS>
>> >
>>
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
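
Added example, not part of the thread or the draft: a Python check that a DER-encoded Extension carrying the `TrustAnchorIdentifier` RELATIVE-OID from the quoted module is well-formed and is not marked critical, following the `CRITICALITY { FALSE }` suggestion. The extension OID is a placeholder (2.999.1) because the module leaves it as TBD2, and the sample bytes and function names are constructed for illustration.

```python
# Added example. EXT_OID is a placeholder (2.999.1, the example arc) because the
# module leaves id-pe-trustAnchorIdentifier as TBD2. Short-form lengths only.
EXT_OID = bytes.fromhex("883701")  # content octets of OBJECT IDENTIFIER 2.999.1

# Constructed samples: trust anchor ID 32473.1, without and with critical=TRUE.
SAMPLE_OK = bytes.fromhex("300d 0603883701 0406 0d0481fd5901")
SAMPLE_CRITICAL = bytes.fromhex("3010 0603883701 0101ff 0406 0d0481fd5901")

def read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] >= 128 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def decode_relative_oid(der):
    # RELATIVE-OID is universal tag 13: each arc is base-128, big-endian, high bit
    # set on all but its last byte, with no first-two-arcs packing as in OIDs.
    tag, body, end = read_tlv(der, 0)
    if tag != 0x0D or end != len(der) or not body or body[-1] & 0x80:
        raise ValueError("not a well-formed RELATIVE-OID")
    arcs, value = [], 0
    for b in body:
        if value == 0 and b == 0x80:
            raise ValueError("non-minimal arc encoding")
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return tuple(arcs)

def parse_extension(der):
    # Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue }
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not an Extension SEQUENCE")
    tag, oid, pos = read_tlv(seq, 0)
    if tag != 0x06 or oid != EXT_OID:
        raise ValueError("not the trust anchor ID extension")
    tag, val, pos = read_tlv(seq, pos)
    if tag == 0x01:  # DER omits DEFAULT FALSE, so a present BOOLEAN means TRUE
        raise ValueError("extension must not be marked critical")
    if tag != 0x04 or pos != len(seq):
        raise ValueError("malformed extnValue")
    return decode_relative_oid(val)
```
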