The last draft I have is (I think) a DIS, from early 1992. The syntax is:

    Certificate ::= SIGNED SEQUENCE {
        version                 [0] Version DEFAULT v1,
        serialNumber            CertificateSerialNumber,
        signature               AlgorithmIdentifier,
        issuer                  Name,
        validity                Validity,
        subject                 Name,
        subjectPublicKeyInfo    SubjectPublicKeyInfo,
        issuerUniqueIdentifier  [1] IMPLICIT BIT STRING OPTIONAL,
        subjectUniqueIdentifier [2] IMPLICIT BIT STRING OPTIONAL }

    Version ::= INTEGER { v1(0), v2(1) }

(Other types as in 1988.)

The only change I know has been made is use of the SIGNED parameterized
type rather than the SIGNED macro, to align w/ 1992 ASN.1. This does NOT
change the encoding at all (and hardly changes the syntax).
Per the DIS: "The exact form of the unique identifier is unspecified here
and left to the certification authority and might be, for example, an object
identifier, a certificate, a date, or some other form of certification on the
validity of the distinguished name...In situations where a distinguished name
might be reassigned to a different user by the Naming Authority, CAs can use
the unique identifier to distinguish between reused instances. However, if
the same user is provided certificates by multiple CAs, it is recommended that
the CAs coordinate on the assignment of unique identifiers as part of their
user registration procedures."
This sort of implies you can't rely on the UIDs to carry any additional
semantic value, much to the dismay of those of us who wanted to hide extra
information in them. E.g. there isn't even a requirement that the issuer
UID in a user's certificate match the subject UID in the CA's certificate.
There is a rumor that CCITT will start posting some of their new standards
on a mail server over in Geneva sometime early this year, accessible via
X.400 and Internet. If I can track down the announcement I will post it to
this list. CCITT was embarrassed into this by carl(_at_)malamud(_dot_)com, I
would imagine. ISO has no plans to do this (since they make a lot of money off
selling standards), and ANSI is even worse (they won't even give published
versions to the members of the working group who writes the standards.)
Regards,
Rich
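
As an added illustration (not part of the original message or the DIS text), the sketch below walks the DER of the SEQUENCE shown above, applies DEFAULT v1 when [0] is absent, pulls out the [1] and [2] unique identifiers, and compares a user certificate's issuer UID with the CA certificate's subject UID. The helper names and all sample bytes are constructed for the example, and it assumes [0] is an explicit tag (the X.509 module's default tagging) and that the SIGNED wrapper has already been removed.

```python
# Added example; all certificate bytes below are constructed placeholders.
def tlv(tag, body):
    assert len(body) < 0x80               # samples are short: short-form length
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        k = length & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_tbs(der):
    """Extract version and the two optional unique identifiers."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        items.append((t, v))
    version = 0                           # DEFAULT v1 when [0] is absent
    if items and items[0][0] == 0xA0:     # [0] wraps an INTEGER (explicit tag)
        version = read_tlv(items.pop(0)[1], 0)[1][0]
    out = {"version": version, "issuerUID": None, "subjectUID": None}
    for t, v in items[6:]:                # after serialNumber..subjectPublicKeyInfo
        if t == 0x81:                     # [1] IMPLICIT BIT STRING
            out["issuerUID"] = v[1:]      # drop the unused-bits octet
        elif t == 0x82:                   # [2] IMPLICIT BIT STRING
            out["subjectUID"] = v[1:]
    return out

def make_tbs(version, issuer_uid=None, subject_uid=None):
    parts = [tlv(0xA0, tlv(0x02, bytes([version])))] if version else []
    parts += [tlv(0x02, b"\x01")] + [tlv(0x30, b"")] * 5   # dummy mandatory fields
    if issuer_uid is not None:
        parts.append(tlv(0x81, b"\x00" + issuer_uid))
    if subject_uid is not None:
        parts.append(tlv(0x82, b"\x00" + subject_uid))
    return tlv(0x30, b"".join(parts))

CA_CERT = parse_tbs(make_tbs(1, subject_uid=b"CA-1992"))
USER_CERT = parse_tbs(make_tbs(1, issuer_uid=b"CA-1991", subject_uid=b"user-2"))
UIDS_CHAIN = USER_CERT["issuerUID"] == CA_CERT["subjectUID"]  # not required to match
```

A path validator that treats a UID mismatch like this one as an error is enforcing something the draft, as described above, does not require.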