Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error in "Example IEEE 802.1AR profiled X.509 Certificate" #181

Open
xipki opened this issue Apr 23, 2024 · 1 comment
Open

Error in "Example IEEE 802.1AR profiled X.509 Certificate" #181

xipki opened this issue Apr 23, 2024 · 1 comment
Assignees
Labels

Comments

@xipki
Copy link
Contributor

xipki commented Apr 23, 2024

In the current github version of draft-ietf-cose-cbor-encoded-cert.md, Section Example IEEE 802.1AR profiled X.509 Certificate:

  1. The textual (openssl) output of the X.509 certificate does not match the Hex encoded X.509 certificate. The textual output has the hardwareModule type 1.3.6.1.4.1.7.**6175**.10.1, but the hex certificate has the type 1.3.6.1.4.1.7.**6715**.10.1.
  2. The textual and hex representation of the C509 certificate have the type 1.3.6.1.4.1.7.**6175**.10.1.
  3. The C509 certificate still has the issuerSignatureAlgorithmat the position as in draft -09 (before issuerSignatureValue).
@gselander
Copy link
Collaborator

gselander commented Dec 13, 2024

  1. The text output of the X.509 is actually 1.3.6.1.4.1.6175.10.1, not 1.3.6.1.4.1**.7**.6175.10.1, but you are right that it is different from the hex certificate type 1.3.6.1.4.1.6715.10.1.
  2. The text and hex representation of the C509 is 1.3.6.1.4.1.6175.10.1 and should be 1.3.6.1.4.1.6715.10.1
  3. Agreed, this was fixed in -11.

Changes needed in Appendix A.2:

OLD
hwType: 1.3.6.1.4.1.6175.10.1
NEW
hwType: 1.3.6.1.4.1.6715.10.1

OLD
3, [-1, [h'2B06010401B01F0A01', h'01020304']] / subjectAltName w. hard
NEW
3, [-1, [h'2B06010401B43B0A01', h'01020304']] / subjectAltName w. hard

OLD
5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03
NEW
5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B4 3B 0A 01 44 01 02 03

We also need to replace the signature value.

(we should also fix the printout of the comment "/ subjectAltName w. hard")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants