new example from russ and job, -03 published
This commit is contained in:
parent
8cdde2b887
commit
00e77361f5
1 changed files with 381 additions and 327 deletions
|
|
@ -8,7 +8,7 @@
|
||||||
<?rfc compact="yes"?>
|
<?rfc compact="yes"?>
|
||||||
<?rfc subcompact="no"?>
|
<?rfc subcompact="no"?>
|
||||||
|
|
||||||
<rfc category="std" docName="draft-ietf-opsawg-9092-update-02"
|
<rfc category="std" docName="draft-ietf-opsawg-9092-update-03"
|
||||||
submissionType="IETF" consensus="true" ipr="trust200902"
|
submissionType="IETF" consensus="true" ipr="trust200902"
|
||||||
obsoletes="9092" version="2" >
|
obsoletes="9092" version="2" >
|
||||||
|
|
||||||
|
|
@ -813,6 +813,22 @@
|
||||||
There are no new actions needed by the IANA.
|
There are no new actions needed by the IANA.
|
||||||
</t>
|
</t>
|
||||||
</section>
|
</section>
|
||||||
|
<section title="Acknowledgments" anchor="acks">
|
||||||
|
<t>Thanks to Rob Austein for CMS and detached signature clue,
|
||||||
|
George Michaelson for the first and substantial external review,
|
||||||
|
and Erik Kline who was too shy to agree to coauthorship.
|
||||||
|
Additionally, we express our gratitude to early implementors,
|
||||||
|
including Menno Schepers; Flavio Luciani; Eric Dugas; and Kevin
|
||||||
|
Pack. Also, thanks to the following geolocation providers who
|
||||||
|
are consuming geofeeds with this described solution: Jonathan
|
||||||
|
Kosgei (ipdata.co), Ben Dowling (ipinfo.io), and Pol Nisenblat
|
||||||
|
(bigdatacloud.com). For an amazing number of helpful reviews,
|
||||||
|
we thank Job Snijders, who also found an ASN.1 'inherit' issue;
|
||||||
|
Adrian Farrel; Antonio Prado; Francesca Palombini; Jean-Michel
|
||||||
|
Combes (INTDIR); John Scudder; Kyle Rose (SECDIR); Martin Duke;
|
||||||
|
Murray Kucherawy; Paul Kyzivat (GENART); Rob Wilton; Roman
|
||||||
|
Danyliw; and Ties de Kock.</t>
|
||||||
|
</section>
|
||||||
</middle>
|
</middle>
|
||||||
<back>
|
<back>
|
||||||
|
|
||||||
|
|
@ -924,9 +940,11 @@
|
||||||
|
|
||||||
|
|
||||||
<section title="Example" anchor="example">
|
<section title="Example" anchor="example">
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
This appendix provides an example, including a trust anchor, a CA
|
This appendix provides an example, including a trust anchor, a
|
||||||
certificate subordinate to the trust anchor, an end-entity
|
CRL signed by the trust anchor, a CA certificate subordinate to
|
||||||
|
the trust anchor, a CRL signed by the CA, an end-entity
|
||||||
certificate subordinate to the CA for signing the geofeed, and a
|
certificate subordinate to the CA for signing the geofeed, and a
|
||||||
detached signature.</t>
|
detached signature.</t>
|
||||||
|
|
||||||
|
|
@ -961,6 +979,23 @@ Quz66XrzxtmxlrRcAnbv/HtV17qOd4my6q5yjTPR1dmYN9oR/2ChlXtGE6uQVguA
|
||||||
rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
|
rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
|
||||||
x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
]]></artwork></figure>
|
||||||
|
|
||||||
|
<t>
|
||||||
|
The CRL issued by the trust anchor.</t>
|
||||||
|
|
||||||
|
<figure><artwork><![CDATA[
|
||||||
|
-----BEGIN X509 CRL-----
|
||||||
|
MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX
|
||||||
|
DTIzMDkyMDE4MDkxMVoXDTIzMTAyMDE4MDkxMVqgLzAtMB8GA1UdIwQYMBaAFMC9
|
||||||
|
Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
|
||||||
|
AQALdNwYgIPHVauhT9yGV2Oj28aj6yI8X/xQz53Gh7zqz4AfKSA3rmFUiQiPnLiA
|
||||||
|
oO+oI83tzoTwxwVRdGpzc8ZhZ5yCwAQYZdiGteagLFi1zghWbRNWH/m7q/ypw1xd
|
||||||
|
GZs3ow6b29OMr9ue/5s++bWMQ6oHh24cVB5S9kX3v7N0OeE0/SGcKtaeT+WE5SWC
|
||||||
|
hudIB52s5NPcKu1SEnn/D8JLGoadxatmFEGMfRX2Wo9dcntcyCr/MPl6ZhvM9tsF
|
||||||
|
Oxoom7RRnAfz+AWwptYrCkvKFdk974UCe9Bq2Bq3xuhrLs1kT6+yy0U9y7hyJYK/
|
||||||
|
Dq9IJ9RuBsQagykwbwLbzlTr
|
||||||
|
-----END X509 CRL-----
|
||||||
]]></artwork></figure>
|
]]></artwork></figure>
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
|
|
@ -998,6 +1033,24 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||||
s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
|
s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
|
||||||
F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
|
F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
]]></artwork></figure>
|
||||||
|
|
||||||
|
<t>
|
||||||
|
The CRL issued by the CA.</t>
|
||||||
|
|
||||||
|
<figure><artwork><![CDATA[
|
||||||
|
-----BEGIN X509 CRL-----
|
||||||
|
MIIBrTCBlgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygzQUNFMkNFRjRG
|
||||||
|
QjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyFw0yMzA5MjAxODIzNTBaFw0y
|
||||||
|
MzEwMjAxODIzNTBaoC8wLTAfBgNVHSMEGDAWgBQ6zizvT7IbfRHj4YTvweKXs3eG
|
||||||
|
QjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAiiqMfYMxDTKYosc77UM0
|
||||||
|
qzLuVsik3QHRMZI1YC/WVMNnuNrppjKr5e9lrfHF92XX4nO7odJk9TuCT+xpn6of
|
||||||
|
/E5XQMh0btrgRO4lFS8SBqhD32++j65EWeOVHxwwiVIw0Nq9l+5kNa3a5Rfvr03d
|
||||||
|
/c2DvgIUmrhQkJqUEYH0009oTsx2cFNIURhgpwdXulCcaPVO8QnKE0Vz7JwmuQJH
|
||||||
|
U1vj8wB7rbW9gszbimInb1WNjR8cGL/USnDBTtoc1GSjQyhPck/UGyh5zgrmbS5R
|
||||||
|
HpDVvN3FM6f8nfuz8qNy7TC8umV8IUzkJ+3+bxlUnyPUV9VNuQOQJHIgWzciA0cS
|
||||||
|
XQ==
|
||||||
|
-----END X509 CRL-----
|
||||||
]]></artwork></figure>
|
]]></artwork></figure>
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
|
|
@ -1047,8 +1100,8 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||||
10 1: INTEGER 2
|
10 1: INTEGER 2
|
||||||
: }
|
: }
|
||||||
13 20: INTEGER
|
13 20: INTEGER
|
||||||
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2
|
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E
|
||||||
: B9 6E E1 66 EC
|
: E1 66 EC
|
||||||
35 13: SEQUENCE {
|
35 13: SEQUENCE {
|
||||||
37 9: OBJECT IDENTIFIER
|
37 9: OBJECT IDENTIFIER
|
||||||
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
||||||
|
|
@ -1144,13 +1197,15 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
584 24: SEQUENCE {
|
584 24: SEQUENCE {
|
||||||
586 3: OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
|
586 3: OBJECT IDENTIFIER
|
||||||
|
: certificatePolicies (2 5 29 32)
|
||||||
591 1: BOOLEAN TRUE
|
591 1: BOOLEAN TRUE
|
||||||
594 14: OCTET STRING, encapsulates {
|
594 14: OCTET STRING, encapsulates {
|
||||||
596 12: SEQUENCE {
|
596 12: SEQUENCE {
|
||||||
598 10: SEQUENCE {
|
598 10: SEQUENCE {
|
||||||
600 8: OBJECT IDENTIFIER
|
600 8: OBJECT IDENTIFIER
|
||||||
: resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
|
: resourceCertificatePolicy
|
||||||
|
: (1 3 6 1 5 5 7 14 2)
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
|
|
@ -1312,5 +1367,4 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
</back>
|
</back>
|
||||||
|
|
||||||
</rfc>
|
</rfc>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue