crossCertificatePair, what exactly should the contents be?
I'm gonna admit to being a bit frustrated about the
crossCertificatePair attribute. I want to know what the contents
should be. Two DER blobs in sequence, where the first is the forward
certificate and the second is the reverse certificate? A certs-only
PKCS#7 thingy? A PKCS#12 thingy?
I mean, in RFC2252, I get to know the following about the defined
syntax for that attribute:
--------------------
6.7. Certificate Pair
( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' )
Because the Certificate is being carried in binary, values in this
syntax MUST only be transferred using a binary encoding, by
requesting or returning the attribute description
"crossCertificatePair;binary". The BNF notation in RFC 1778 for
"Certificate Pair" is not recommended to be used.
--------------------
Really? Not look in RFC1778? Cool, then I know what NOT to do.
It looks like there's a draft that would define the syntax a little
better: draft-ietf-pkix-ldap-pki-schema-00.txt. It basically says
that the value "is the octet string that results from the BER/DER-
encoding an X.509 public key certificate pair". However, I still
don't know what a "public key certificate pair" exactly is in this
context. Is it a "SEQUENCE { issuedToThisCA Certificate,
issuedByThisCA Certificate }" or what?
Please help. If nothing else, please point me at documentation that
really defines this, not just the vague mumblage that I've found so
far.
And I realise that this is not the fault of anyone on this list. I'm
not blaming anyone, just a bit frustrated.
--
Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
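
Added example, not part of the original message and not OpenSSL code: a small DER walker that tells apart the candidate layouts named in the question (blobs back to back, a plain SEQUENCE of two certificates, PKCS#7, PKCS#12) from the layout X.509 gives for CertificatePair, a SEQUENCE of two optional Certificates carried under explicit context tags [0] and [1]. The function names, return labels and sample bytes are assumptions made for this illustration; the samples are constructed skeletons, not real certificates.

```python
# Added example: classify the outer DER layout of an attribute value.
# Handles single-byte tags and definite lengths only.

def read_tlv(buf, off=0):
    """Return (tag, body, next_offset) for the TLV starting at buf[off]."""
    if off + 2 > len(buf) or buf[off] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length >= 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated body")
    return tag, buf[off:off + length], off + length

def child_tags(body):
    """Tags of the TLVs laid end to end in body."""
    tags, off = [], 0
    while off < len(body):
        tag, _, off = read_tlv(body, off)
        tags.append(tag)
    return tags

def classify(value):
    top = child_tags(value)
    if len(top) != 1:                       # zero, or several blobs back to back
        return "concatenated" if top else "empty"
    tag, body, _ = read_tlv(value)
    inner = child_tags(body) if tag == 0x30 else []
    if inner and set(inner) <= {0xA0, 0xA1}:
        return "tagged-pair"                # SEQUENCE { [0] cert, [1] cert }
    if inner == [0x30, 0x30]:
        return "untagged-pair"              # SEQUENCE { cert, cert }
    if inner == [0x30, 0x30, 0x03]:
        return "single-certificate"         # tbsCertificate, sigAlg, signature
    if inner[:1] == [0x06]:
        return "pkcs7-like"                 # ContentInfo starts with an OID
    if inner[:1] == [0x02]:
        return "pkcs12-like"                # PFX starts with INTEGER version
    return "unknown"

# Constructed samples: skeletons with the right tags, not real certificates.
def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body   # short-form length, body < 128 bytes

CERT = tlv(0x30, tlv(0x30) + tlv(0x30) + tlv(0x03, b"\x00"))
TAGGED = tlv(0x30, tlv(0xA0, CERT) + tlv(0xA1, CERT))
UNTAGGED = tlv(0x30, CERT + CERT)
```

The check looks only at tags and lengths, so it says which container a directory value uses without validating the certificates inside it.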