Skip to content

Commit

Permalink
Add explanation and optional nature of bundleEID otherName
Browse files Browse the repository at this point in the history
  • Loading branch information
BrianSipos authored Aug 13, 2024
1 parent 37bae3a commit 79b9400
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions draft-ietf-cose-cbor-encoded-cert.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ normative:
RFC8949:
RFC9052:
RFC9090:
RFC9171:
RFC9360:

SECG:
Expand Down Expand Up @@ -356,7 +357,7 @@ CBOR encoding of the following extension values is fully supported:

CBOR encoding of the following extension values are partly supported:

* Subject Alternative Name (subjectAltName). If the subject alternative name only contains general names registered in {{GN}} the extension value can be CBOR encoded. extensionValue is encoded as an array of (int, any) pairs where each pair encodes a general name (see {{GN}}). If subjectAltName contains exactly one dNSName, the array and the int are omitted and extensionValue is the dNSName encoded as a CBOR text string. In addition to the general names defined in {{RFC5280}}, the hardwareModuleName type of otherName has been given its own int due to its mandatory use in IEEE 802.1AR. When 'otherName + hardwareModuleName' is used, then \[ oid, bytes \] is used to identify the pair ( hwType, hwSerialEntries ) directly as specified in {{RFC4108}}. Only the general names in {{GN}} are supported.
* Subject Alternative Name (subjectAltName). If the subject alternative name only contains general names registered in {{GN}} the extension value can be CBOR encoded. extensionValue is encoded as an array of (int, any) pairs where each pair encodes a general name (see {{GN}}). If subjectAltName contains exactly one dNSName, the array and the int are omitted and extensionValue is the dNSName encoded as a CBOR text string. In addition to the general names defined in {{RFC5280}}, some types of otherName has been given their own negative int code point. For hardwareModuleName this is due to its mandatory use in IEEE 802.1AR. When 'otherName + hardwareModuleName' is used, then \[ oid, bytes \] is used to identify the pair ( hwType, hwSerialEntries ) directly as specified in {{RFC4108}}. For bundleEID this allows the encoding to be compressed with CBOR form based on the EID scheme as specified in {{RFC9171}} and any later bundle EID scheme registrations. A general purpose translating c509 processor does not need to use the bundleEID form and instead can use the generic otherName form to avoid bundle EID processing. Only the general names in {{GN}} are supported.

~~~~~~~~~~~ CDDL
GeneralName = ( GeneralNameType : int, GeneralNameValue : any )
Expand Down Expand Up @@ -1379,7 +1380,8 @@ IANA has created a new registry titled "C509 General Names Registry" under the n
| | Comments: id-on-bundleEID |
| | (1.3.6.1.5.5.7.8.11) |
| | 06 08 2B 06 01 05 05 07 08 0B |
| | Value: eid-structure from RFC 9171 |
| | Value: bstr .cbor eid-structure |
| | (from RFC 9171) |
+-------+-----------------------------------------------------------+
| -2 | Name: otherName with SmtpUTF8Mailbox |
| | Comments: id-on-SmtpUTF8Mailbox |
Expand Down

0 comments on commit 79b9400

Please sign in to comment.