[cabfpub] TorServiceDescriptor OID Change?

Ben Wilson ben.wilson at digicert.com
Fri Jul 10 00:31:07 UTC 2015


Is anyone implementing these already?  If not, is it too late to change
them--  at least the TOR service descriptor as Rich Smith indicates -
switching the .1 with the .31, since the .1 oid arc represents
guidelines/certificate policies?  I have the EV Guidelines open in edit mode
for the creation of version 1.5.6 based on Ballot 147.



From: Rich Smith [mailto:richard.smith at comodo.com]
Sent: Thursday, June 25, 2015 8:39 AM
To: Ben Wilson; 'CABFPub'
Subject: RE: [cabfpub] TorServiceDescriptor OID Change?



Occurs to me that we probably should have done similar with the nonces, but
probably also a little late to correct that one now.



From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Rich Smith
Sent: Thursday, June 25, 2015 10:36 AM
To: 'Ben Wilson'; 'CABFPub'
Subject: Re: [cabfpub] TorServiceDescriptor OID Change?



Ben, I agree with your reasoning, but would suggest that the TOR descriptor
probably should be one more level down rather than directly off the
ca-browser-forum tree.



I propose:

2.23.140

               --> 31 - ServiceDescriptors

                              --> 1 - TORServiceDescriptor



Reasoning being that at the moment the TOR descriptor is the only one, but
that may not always be the case.



-Rich



From: public-bounces at cabforum.org <mailto:public-bounces at cabforum.org>
[mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Wednesday, June 24, 2015 6:10 AM
To: CABFPub
Subject: [cabfpub] TorServiceDescriptor OID Change?



Should or can the TOR Service Descriptor OID (certificate extension) be
changed from 2.23.140.1.31 to 2.23.140.31?  Or something else?  I think the
CA/B Forum OID tree should reserve “1” for guidelines and policies.



See below:



CA/Browser Forum OID Chart

2 - joint-iso-itu

└→         23 -  international-organization

               └→         140 - ca-browser-forum

                              └→         1 - certificate-policies

                                             └→         1 -
extended-validation-ssl

                                             └→         2
-baseline-requirements-ssl

                                                            └→         1 -
domain-validated

                                                            └→         2 -
subject-identity-validated

                                                            └→         3 -
individual-identity-validated

                                             └→         3 -
extended-validation-code-signing

                                                            └→         1 -


                                                            └→         2 -


                                             └→         4 -
baseline-requirements-code-signing

                              └→         31 - TorServiceDescriptor

                        └→       41 - caSigningNonce

                              └→         42 - applicantSigningNonce



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150710/e44e1033/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150710/e44e1033/attachment.p7s>


More information about the Public mailing list