Add explanation for and optional nature of bundleEID otherName #211

Open
wants to merge 3 commits into
base: master
4 changes: 0 additions & 4 deletions c509_demo_impl/src/main.rs
Expand Up @@ -615,10 +615,6 @@ fn cbor_general_names(b: &[u8], t: u8, opt: u8) -> Vec<u8> {
let inner_value = &value[12..]; //TODO, check handling of long values
match value {
[0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, ..] => match value[9] {
0x0B => {
vec.push(lcbor_int(-3));
vec.push(lcbor_bytes(inner_value));
}
0x09 => {
vec.push(lcbor_int(-2));
vec.push(cbor_other_name_mail(inner_value));
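Review bot: With the `0x0B` arm removed from `match value[9]`, id-on-bundleEID (1.3.6.1.5.5.7.8.11) now depends on whichever arm follows `0x09`, which this hunk does not show. Please confirm that arm emits the generic otherName form for this OID rather than skipping it or panicking, and add a short comment at the match saying bundleEID is intentionally not special-cased, since the registry still assigns -3 to it. With this change the demo no longer produces any -3 output, so nothing exercises the registry value this PR redefines.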
6 changes: 4 additions & 2 deletions draft-ietf-cose-cbor-encoded-cert.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ normative:
RFC8949:
RFC9052:
RFC9090:
RFC9171:
RFC9277:
RFC9360:

Expand Down Expand Up @@ -366,7 +367,7 @@ CBOR encoding of the following extension values is fully supported:

CBOR encoding of the following extension values are partly supported:

* Subject Alternative Name (subjectAltName). If the subject alternative name only contains general names registered in {{GN}} the extension value can be CBOR encoded. extensionValue is encoded as an array of (int, any) pairs where each pair encodes a general name (see {{GN}}). If subjectAltName contains exactly one dNSName, the array and the int are omitted and extensionValue is the dNSName encoded as a CBOR text string. In addition to the general names defined in {{RFC5280}}, the hardwareModuleName type of otherName has been given its own int due to its mandatory use in IEEE 802.1AR. When 'otherName + hardwareModuleName' is used, then \[ ~oid, bytes \] is used to contain the pair ( hwType, hwSerialNum ) directly as specified in {{RFC4108}}. Only the general names in {{GN}} are supported.
* Subject Alternative Name (subjectAltName). If the subject alternative name only contains general names registered in {{GN}} the extension value can be CBOR encoded. extensionValue is encoded as an array of (int, any) pairs where each pair encodes a general name (see {{GN}}). If subjectAltName contains exactly one dNSName, the array and the int are omitted and extensionValue is the dNSName encoded as a CBOR text string. In addition to the general names defined in {{RFC5280}}, some types of otherName have been given their own negative int code point. For hardwareModuleName this is due to its mandatory use in IEEE 802.1AR. When 'otherName + hardwareModuleName' is used, then \[ oid, bytes \] is used to identify the pair ( hwType, hwSerialEntries ) directly as specified in {{RFC4108}}. For bundleEID this allows the encoding to be compressed with CBOR form based on the EID scheme as specified in {{RFC9171}} and any later bundle EID scheme registrations. A general purpose translating c509 processor does not need to use the bundleEID form and instead can use the generic otherName form to avoid bundle EID processing. Only the general names in {{GN}} are supported.

~~~~~~~~~~~ CDDL
GeneralName = ( GeneralNameType : int, GeneralNameValue : any )
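Review bot: The rewritten hardwareModuleName sentence changes `hwSerialNum` to `hwSerialEntries`, but RFC 4108 names the fields of HardwareModuleName `hwType` and `hwSerialNum`, so the original field name should stay. The same sentence also drops the `~` from `\[ ~oid, bytes \]` and replaces "contain" with "identify"; neither is covered by the PR title, so please revert them or explain them. In the new bundleEID text, write "C509" in capitals to match the registry name, and consider stating the option with a requirement keyword (for example, that a processor MAY use the generic otherName form) so it is clear which encodings a decoder has to accept.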
Expand Down Expand Up @@ -1437,7 +1438,8 @@ IANA has created a new registry titled "C509 General Names Registry" under the n
| | Comments: id-on-bundleEID |
| | (1.3.6.1.5.5.7.8.11) |
| | 06 08 2B 06 01 05 05 07 08 0B |
| | Value: eid-structure from RFC 9171 |
| | Value: bstr .cborseq eid-structure |
| | (from RFC 9171) |
+-------+-----------------------------------------------------------+
| -2 | Name: otherName with SmtpUTF8Mailbox |
| | Comments: id-on-SmtpUTF8Mailbox |
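Review bot: The new value `bstr .cborseq eid-structure` may not describe what is intended. In CDDL (RFC 8610), `.cborseq` describes a byte string carrying a CBOR sequence whose items, taken together as an array, match the controller type, so this reads as the elements of eid-structure without the enclosing array header. If the byte string is meant to hold one complete encoded eid-structure item, `.cbor` is the operator for that. A sentence in the draft on why the value is now wrapped in a byte string, where before it was the eid-structure itself, would also help implementers.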