Attribute Certificate mysteries: Targets/targetInformation


Richard Levitte - VMS Whacker
Hey,

I need some help understanding the EXTENSION ASN.1 type.  I haven't
been able to find ANY information on how it works and what it
corresponds to in ASN.1 1988 syntax, and it's quite possible I'm
getting so tired that my eyes are crossing, rendering me virtually
dyslectic...

Anyhow, in X.509, the extension for the targets attribute in attribute
certificates is coded like this:

    targetingInformation EXTENSION ::= {
          SYNTAX            SEQUENCE SIZE (1..MAX) OF Targets
          IDENTIFIED BY     id-ce-targetInformation }
    Targets     ::=    SEQUENCE SIZE (1..MAX) OF Target
    Target      ::=    CHOICE {
          targetName        [0]      GeneralName,
          targetGroup       [1]      GeneralName,
          targetCert        [2]      TargetCert }
    TargetCert ::=     SEQUENCE {
          targetCertificate IssuerSerial,
          targetName        GeneralName OPTIONAL,
          certDigestInfo    ObjectDigestInfo OPTIONAL }

I interpret that as the extension value being a
SEQUENCE OF SEQUENCE OF Target, but as I said, my understanding of the
EXTENSION type is nil, so I may be confused to the extreme.

However, the targetInformation type isn't defined at all in rfc 3281,
and if my interpretation above is correct, doesn't that constitute an
incompatibility of this extension?

If anyone can point me at a correct and understandable definition of
the EXTENSION type, I'd be extremely happy.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
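
The nesting the post asks about, as an added example that is not part of the original thread: a small TLV walker that reads an extension value shaped as the quoted ASN.1 (a SEQUENCE OF Targets, each a SEQUENCE OF Target) and rejects a value with only one SEQUENCE level. The function names and the sample bytes are constructed for illustration; `[0]` and `[1]` are treated as explicit tags because GeneralName is a CHOICE, and the walker checks lengths only, not full DER canonical form.

```python
# Added example (not from the thread): walk a targetingInformation value.
CHOICE = {0xA0: "targetName", 0xA1: "targetGroup", 0xA2: "targetCert"}

def tlv(tag, content):
    """Encode one definite-length TLV with a single-byte tag."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlvs(buf):
    """Split buf into (tag, content) pairs; lengths are bounds-checked."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n >= 0x80:  # long form: low 7 bits count the length octets
            k = n & 0x7F
            if k == 0 or i + k > len(buf):
                raise ValueError("unsupported or truncated length")
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("content overruns buffer")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def parse_targeting_information(der):
    """Return [[(choice, raw GeneralName/TargetCert bytes), ...], ...]."""
    outer = read_tlvs(der)
    if len(outer) != 1 or outer[0][0] != 0x30:
        raise ValueError("extension value must be a single SEQUENCE")
    result = []
    for tag, body in read_tlvs(outer[0][1]):
        if tag != 0x30:  # a bare Target here means one SEQUENCE level is missing
            raise ValueError("expected Targets (SEQUENCE), got tag 0x%02x" % tag)
        targets = read_tlvs(body)
        if not targets or any(t not in CHOICE for t, _ in targets):
            raise ValueError("Targets needs 1..MAX known Target alternatives")
        result.append([(CHOICE[t], c) for t, c in targets])
    if not result:
        raise ValueError("SEQUENCE SIZE (1..MAX) OF Targets is empty")
    return result

# Constructed sample: one Targets holding a targetName and a targetGroup,
# each wrapping a dNSName GeneralName ([2] IMPLICIT IA5String, tag 0x82).
dns = lambda s: tlv(0x82, s.encode("ascii"))
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, dns("a.example")) + tlv(0xA1, dns("grp.example"))))
```
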

Re: Attribute Certificate mysteries: Targets/targetInformation

Daniel Diaz Sanchez-2
Hello,

This extension is not defined in RFC 3281 but in ITU-T X.509 recommendation.

Dani

Richard Levitte <[hidden email]> wrote:

> Hey,
>
> I need some help understanding the EXTENSION ASN.1 type.  I haven't
> been able to find ANY information on how it works and what it
> corresponds to in ASN.1 1988 syntax, and it's quite possible I'm
> getting so tired that my eyes are crossing, rendering me virtually
> dyslectic...
>
> Anyhow, in X.509, the extension for the targets attribute in attribute
> certificates is coded like this:
>
>    targetingInformation EXTENSION ::= {
>          SYNTAX            SEQUENCE SIZE (1..MAX) OF Targets
>          IDENTIFIED BY     id-ce-targetInformation }
>    Targets     ::=    SEQUENCE SIZE (1..MAX) OF Target
>    Target      ::=    CHOICE {
>          targetName        [0]      GeneralName,
>          targetGroup       [1]      GeneralName,
>          targetCert        [2]      TargetCert }
>    TargetCert ::=     SEQUENCE {
>          targetCertificate IssuerSerial,
>          targetName        GeneralName OPTIONAL,
>          certDigestInfo    ObjectDigestInfo OPTIONAL }
>
> I interpret that as the extension value being a
> SEQUENCE OF SEQUENCE OF Target, but as I said, my understanding of the
> EXTENSION type is nil, so I may be confused to the extreme.
>
> However, the targetInformation type isn't defined at all in rfc 3281,
> and if my interpretation above is correct, doesn't that constitute an
> incompatibility of this extension?
>
> If anyone can point me at a correct and understandable definition of
> the EXTENSION type, I'd be extremely happy.
>
> Cheers,
> Richard



--
----
DANIEL DIAZ SANCHEZ
WebCartero
Universidad Carlos III de Madrid


Re: Attribute Certificate mysteries: Targets/targetInformation

Richard Levitte - VMS Whacker
In message <[hidden email]> on Mon, 02 Jul 2007 20:36:59 +0200, "Daniel Díaz Sanchez" <[hidden email]> said:

dds> This extension is not defined in RFC 3281 but in ITU-T X.509
dds> recommendation.

I think you should read section 4.3.2 in rfc 3281, which I just did
and found the information I needed.  Apparently, my interpretation was
correct, I was just a bit miffed by what looked like an omission in
the ASN.1 module at the end...

Thanks.

Cheers,
Richard


RE: Attribute Certificate mysteries: Targets/targetInformation

Daniel Diaz Sanchez-2
Oops, sorry

I read it many times but... I forgot :)

I use http://www.itu.int/ITU-T/asn1/database/itu-t/x/x509/2005/index2.html
for ASN1


Dani



 -----Original Message-----
 From: [hidden email] [mailto:[hidden email]]
 On behalf of Richard Levitte
 Sent: Monday, 02 July 2007 21:02
 To: [hidden email]
 Subject: Re: Attribute Certificate mysteries: Targets/targetInformation
 
 In message <[hidden email]> on
 Mon, 02 Jul 2007 20:36:59 +0200, "Daniel Díaz Sanchez" <[hidden email]>
 said:
 
 dds> This extension is not defined in RFC 3281 but in ITU-T X.509
 dds> recommendation.
 
 I think you should read section 4.3.2 in rfc 3281, which I just did
 and found the information I needed.  Apparently, my interpretation was
 correct, I was just a bit miffed by what looked like an omission in
 the ASN.1 module at the end...
 
 Thanks.
 
 Cheers,
 Richard