pem-dev

Re: X.509 v3 support

1995-01-15 11:53:00

Now I think we are in sync. So my question was, what is the OID (numeric
encoding) of the attribute "Certificate" as used in the baseline X.509
specification, 

There were two: the attribute to contain CA certificates is different from that
to contain user's certificates.  

        joint(2) ds(5) attributeType(4) userCertificate(36)
        joint(2) ds(5) attributeType(4) caCertificate(37)

and what was the numeric encoding of the attribute 
"Certificate" as defined in RFC-142x. 

None was assigned, as there were no attributes defined in RFC 1421-1424.  

And moreover, what OID _should_ be assigned to the "V3 certificate" to be 
defined in RFC-XXXX for PEM/MIME before the ISO version is standardized. 

This question should probably be directed to the IETF Directory Schema WG.

Does the proposed v3 ISO certificate have a different OID than the v1, in 
addition to the version number that is encoded within it?

I would not think so.
 
And I guess I am assuming that the way that the certificate is actually 
encoded includes both the attribute OID, identifying the structure as a 
certificate of a particular type, together with the appropriate values, as 
opposed to somehow recognizing that a particular structure is a certificate 
through some context mechanism.

No, this information is outside the certificate.
The ASN.1 type Certificate, a SIGNED SEQUENCE {...} containing issuer and
subject names &c is in '88 terms an attribute syntax, not an attribute.

        Attribute ::= SEQUENCE {
                type    AttributeType,
                values  SET OF -- at least one -- AttributeValue }

        AttributeType ::= OBJECT IDENTIFIER  -- e.g. 2.5.4.36

        AttributeValue ::= ANY   -- e.g. a value of type Certificate

I do not believe there are any occurrences of "Attribute" or "AttributeType" 
in the PEM RFCs.

                ------------------------------------------------------------
        Mark Wahl; M(_dot_)Wahl(_at_)isode(_dot_)com; ISODE Consortium; 
http://www.isode.com/
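
The point made in the message above, that the attribute type OID sits in the Attribute wrapper and not inside the Certificate value, as an added Python example that is not part of the original message: it DER-encodes the two OIDs given and parses an Attribute back into its type and values. The function names and the sample value are assumptions constructed for illustration.

```python
KNOWN = {"2.5.4.36": "userCertificate", "2.5.4.37": "caCertificate"}  # OIDs from the message

def tlv(tag, content):  # tag, DER definite length, content
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content  # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content  # long form

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:  # first two arcs share one subidentifier
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:  # base 128, high bit set on all but the last octet
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def read_tlv(buf, pos=0):  # returns (tag, content, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_attribute(der):  # returns (attribute name, [encoded values])
    tag, seq, _ = read_tlv(der)
    t_tag, oid, pos = read_tlv(seq)
    v_tag, members, _ = read_tlv(seq, pos)
    if (tag, t_tag, v_tag) != (0x30, 0x06, 0x31) or not members:
        raise ValueError("not an Attribute with at least one value")
    name = next((k for d, k in KNOWN.items() if encode_oid(d) == tlv(0x06, oid)), "unknown")
    values, pos = [], 0
    while pos < len(members):
        start = pos
        _, _, pos = read_tlv(members, pos)
        values.append(members[start:pos])
    return name, values

# Constructed stand-in for a Certificate value: a 300-byte SEQUENCE, not a real certificate.
SAMPLE_VALUE = tlv(0x30, bytes(300))
# Attribute ::= SEQUENCE { type AttributeType, values SET OF AttributeValue }
SAMPLE_ATTR = tlv(0x30, encode_oid("2.5.4.36") + tlv(0x31, SAMPLE_VALUE))
```

The encoded value comes back byte for byte from `parse_attribute`, and the OID octets `06 03 55 04 24` appear only in the wrapper, never inside the value itself.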
