| rfc9763v2.txt | rfc9763.txt | |||
|---|---|---|---|---|
| skipping to change at line 313 ¶ | skipping to change at line 313 ¶ | |||
| The RelatedCertificate extension contains the hash of a single end- | The RelatedCertificate extension contains the hash of a single end- | |||
| entity certificate. | entity certificate. | |||
| The RelatedCertificate extension has the following syntax: | The RelatedCertificate extension has the following syntax: | |||
| -- Object Identifier for certificate extension | -- Object Identifier for certificate extension | |||
| id-relatedCert OBJECT IDENTIFIER ::= { 36 } | id-relatedCert OBJECT IDENTIFIER ::= { 36 } | |||
| -- X.509 Certificate extension | -- X.509 Certificate extension | |||
| RelatedCertificate ::= SEQUENCE { | RelatedCertificate ::= SEQUENCE { | |||
| hashAlgorithm AlgorithmIdentifier, | hashAlgorithm DigestAlgorithmIdentifier, | |||
| hashValue OCTET STRING } | hashValue OCTET STRING } | |||
| The extension is a SEQUENCE of two fields. The hashAlgorithm field | The extension is a SEQUENCE of two fields. The hashAlgorithm field | |||
| identifies the hash algorithm used to compute hashValue, which is the | identifies the hash algorithm used to compute hashValue, which is the | |||
| digest value obtained from hashing the entire related certificate | digest value obtained from hashing the entire related certificate | |||
| identified in the relatedCertRequest CSR attribute defined above. If | identified in the relatedCertRequest CSR attribute defined above. If | |||
| there is a hash algorithm explicitly indicated by the related | there is a hash algorithm explicitly indicated by the related | |||
| certificate's signature OID (e.g., ecdsa-with-SHA512), that hash | certificate's signature OID (e.g., ecdsa-with-SHA512), that hash | |||
| algorithm SHOULD be also used for this extension. | algorithm SHOULD be also used for this extension. | |||
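Review bot: the OID line in this snippet, `id-relatedCert OBJECT IDENTIFIER ::= { 36 }`, is unchanged on both sides and does not match Appendix A, which defines `id-pe-relatedCert OBJECT IDENTIFIER ::= { id-pe 36 }`; since the hashAlgorithm line is already being changed to DigestAlgorithmIdentifier, align the name and arc here with the module so the two definitions cannot be read as different identifiers. The paragraph that follows also leaves two things open, in the lines shown, for an implementer who has to recompute and compare hashValue: it says the digest is over "the entire related certificate" without naming the encoding that is hashed, and the SHOULD only covers the case where the signature OID explicitly indicates a hash algorithm. Minor wording: "SHOULD be also used" reads better as "SHOULD also be used".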
| skipping to change at line 603 ¶ | skipping to change at line 603 ¶ | |||
| Appendix A. ASN.1 Module | Appendix A. ASN.1 Module | |||
| The following RelatedCertificate ASN.1 module describes the | The following RelatedCertificate ASN.1 module describes the | |||
| RequesterCertificate type found in the relatedCertAttribute. It | RequesterCertificate type found in the relatedCertAttribute. It | |||
| pulls definitions from modules defined in [RFC5912] and [RFC6268] for | pulls definitions from modules defined in [RFC5912] and [RFC6268] for | |||
| the IssuerAndSerialNumber type and in [RFC6019] for the BinaryTime | the IssuerAndSerialNumber type and in [RFC6019] for the BinaryTime | |||
| type. | type. | |||
| RelatedCertificate { iso(1) identified-organization(3) dod(6) | RelatedCertificate { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-related-cert-2023(115)} | id-mod-related-cert-2023(115)} | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| ATTRIBUTE, EXTENSION | ATTRIBUTE, EXTENSION | |||
| FROM PKIX-CommonTypes-2009 -- in RFC 5912 | FROM PKIX-CommonTypes-2009 -- in RFC 5912 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkixCommon-02(57) } | id-mod-pkixCommon-02(57) } | |||
| IssuerAndSerialNumber | IssuerAndSerialNumber, DigestAlgorithmIdentifier | |||
| FROM CryptographicMessageSyntax-2010 -- in RFC 6268 | FROM CryptographicMessageSyntax-2010 -- in RFC 6268 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) | { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) | pkcs(1) pkcs-9(9) smime(16) modules(0) | |||
| id-mod-cms-2009(58) } | id-mod-cms-2009(58) } | |||
| BinaryTime | BinaryTime | |||
| FROM BinarySigningTimeModule -- in RFC 6019 | FROM BinarySigningTimeModule -- in RFC 6019 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) | { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) | pkcs(1) pkcs-9(9) smime(16) modules(0) | |||
| id-mod-binarySigningTime(27) } ; | id-mod-binarySigningTime(27) } ; | |||
| -- Object identifier arcs | -- Object identifier arcs | |||
| id-pe OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) | id-pe OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) | |||
| dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 } | dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 } | |||
| id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) usa(840) | id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) usa(840) | |||
| rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2) } | rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) 2 } | |||
| -- relatedCertificate Extension | -- relatedCertificate Extension | |||
| id-pe-relatedCert OBJECT IDENTIFIER ::= { id-pe 36 } | id-pe-relatedCert OBJECT IDENTIFIER ::= { id-pe 36 } | |||
| RelatedCertificate ::= SEQUENCE { | RelatedCertificate ::= SEQUENCE { | |||
| hashAlgorithm AlgorithmIdentifier, | hashAlgorithm DigestAlgorithmIdentifier, | |||
| hashValue OCTET STRING } | hashValue OCTET STRING } | |||
| ext-relatedCertificate EXTENSION ::= { | ext-relatedCertificate EXTENSION ::= { | |||
| SYNTAX RelatedCertificate | SYNTAX RelatedCertificate | |||
| IDENTIFIED BY id-pe-relatedCert } | IDENTIFIED BY id-pe-relatedCert } | |||
| -- relatedCertRequest Attribute | -- relatedCertRequest Attribute | |||
| id-aa-relatedCertRequest OBJECT IDENTIFIER ::= { id-aa 60 } | id-aa-relatedCertRequest OBJECT IDENTIFIER ::= { id-aa 60 } | |||
| RequesterCertificate ::= SEQUENCE { | RequesterCertificate ::= SEQUENCE { | |||
| certID IssuerAndSerialNumber, | certID IssuerAndSerialNumber, | |||
| requestTime BinaryTime, | requestTime BinaryTime, | |||
| locationInfo UniformResourceIdentifier, | locationInfo UniformResourceIdentifiers, | |||
| signature BIT STRING } | signature BIT STRING } | |||
| UniformResourceIdentifier ::= IA5String | UniformResourceIdentifiers ::= SEQUENCE SIZE (1..MAX) OF URI | |||
| URI ::= IA5String | ||||
| aa-relatedCertRequest ATTRIBUTE ::= { | aa-relatedCertRequest ATTRIBUTE ::= { | |||
| TYPE RequesterCertificate | TYPE RequesterCertificate | |||
| IDENTIFIED BY id-aa-relatedCertRequest } | IDENTIFIED BY id-aa-relatedCertRequest } | |||
| END | END | |||
| Authors' Addresses | Authors' Addresses | |||
| Alison Becker | Alison Becker | |||
| National Security Agency | National Security Agency | |||
| Email: aebecke@uwe.nsa.gov | Email: aebecke@uwe.nsa.gov | |||
| Rebecca Guthrie | Rebecca Guthrie | |||
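Review bot: in RequesterCertificate, locationInfo changes from a single IA5String (`UniformResourceIdentifier ::= IA5String`) to `UniformResourceIdentifiers ::= SEQUENCE SIZE (1..MAX) OF URI`, which changes the DER encoding of the attribute value (a SEQUENCE now wraps the string), and nothing in the module comments or the Appendix A introduction flags that; add a comment at the type or a sentence in the introduction so implementers of the earlier syntax know the two encodings are not interchangeable. The introduction also still says the RFC 6268 module is imported only "for the IssuerAndSerialNumber type", while the IMPORTS clause now reads `IssuerAndSerialNumber, DigestAlgorithmIdentifier`, so the prose should name both. Style: the id-aa arc is written `usa(840)` and now ends in a bare `2`, while the IMPORTS in the same module use `us(840)` with named arcs such as `modules(0)`; pick one spelling and one convention throughout the module.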
| End of changes. 12 change blocks. | ||||
| 31 lines changed or deleted | 33 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||