[cabfpub] TorServiceDescriptor OID Change?
Ben Wilson
ben.wilson at digicert.com
Fri Jul 10 00:31:07 UTC 2015
Is anyone implementing these already? If not, is it too late to change
them-- at least the TOR service descriptor as Rich Smith indicates -
switching the .1 with the .31, since the .1 oid arc represents
guidelines/certificate policies? I have the EV Guidelines open in edit mode
for the creation of version 1.5.6 based on Ballot 147.
From: Rich Smith [mailto:richard.smith at comodo.com]
Sent: Thursday, June 25, 2015 8:39 AM
To: Ben Wilson; 'CABFPub'
Subject: RE: [cabfpub] TorServiceDescriptor OID Change?
Occurs to me that we probably should have done similar with the nonces, but
probably also a little late to correct that one now.
From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Rich Smith
Sent: Thursday, June 25, 2015 10:36 AM
To: 'Ben Wilson'; 'CABFPub'
Subject: Re: [cabfpub] TorServiceDescriptor OID Change?
Ben, I agree with your reasoning, but would suggest that the TOR descriptor
probably should be one more level down rather than directly off the
ca-browser-forum tree.
I propose:
2.23.140
--> 31 - ServiceDescriptors
--> 1 - TORServiceDescriptor
Reasoning being that at the moment the TOR descriptor is the only one, but
that may not always be the case.
-Rich
From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Wednesday, June 24, 2015 6:10 AM
To: CABFPub
Subject: [cabfpub] TorServiceDescriptor OID Change?
Should or can the TOR Service Descriptor OID (certificate extension) be
changed from 2.23.140.1.31 to 2.23.140.31? Or something else? I think the
CA/B Forum OID tree should reserve “1” for guidelines and policies.
See below:
CA/Browser Forum OID Chart
2 - joint-iso-itu
└→ 23 - international-organization
└→ 140 - ca-browser-forum
└→ 1 - certificate-policies
└→ 1 -
extended-validation-ssl
└→ 2
-baseline-requirements-ssl
└→ 1 -
domain-validated
└→ 2 -
subject-identity-validated
└→ 3 -
individual-identity-validated
└→ 3 -
extended-validation-code-signing
└→ 1 -
└→ 2 -
└→ 4 -
baseline-requirements-code-signing
└→ 31 - TorServiceDescriptor
└→ 41 - caSigningNonce
└→ 42 - applicantSigningNonce
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150710/e44e1033/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150710/e44e1033/attachment.p7s>
More information about the Public
mailing list