new example from russ and job, -03 published
This commit is contained in:
parent
8cdde2b887
commit
00e77361f5
1 changed files with 381 additions and 327 deletions
|
|
@ -8,7 +8,7 @@
|
|||
<?rfc compact="yes"?>
|
||||
<?rfc subcompact="no"?>
|
||||
|
||||
<rfc category="std" docName="draft-ietf-opsawg-9092-update-02"
|
||||
<rfc category="std" docName="draft-ietf-opsawg-9092-update-03"
|
||||
submissionType="IETF" consensus="true" ipr="trust200902"
|
||||
obsoletes="9092" version="2" >
|
||||
|
||||
|
|
@ -813,6 +813,22 @@
|
|||
There are no new actions needed by the IANA.
|
||||
</t>
|
||||
</section>
|
||||
<section title="Acknowledgments" anchor="acks">
|
||||
<t>Thanks to Rob Austein for CMS and detached signature clue,
|
||||
George Michaelson for the first and substantial external review,
|
||||
and Erik Kline who was too shy to agree to coauthorship.
|
||||
Additionally, we express our gratitude to early implementors,
|
||||
including Menno Schepers; Flavio Luciani; Eric Dugas; and Kevin
|
||||
Pack. Also, thanks to the following geolocation providers who
|
||||
are consuming geofeeds with this described solution: Jonathan
|
||||
Kosgei (ipdata.co), Ben Dowling (ipinfo.io), and Pol Nisenblat
|
||||
(bigdatacloud.com). For an amazing number of helpful reviews,
|
||||
we thank Job Snijders, who also found an ASN.1 'inherit' issue;
|
||||
Adrian Farrel; Antonio Prado; Francesca Palombini; Jean-Michel
|
||||
Combes (INTDIR); John Scudder; Kyle Rose (SECDIR); Martin Duke;
|
||||
Murray Kucherawy; Paul Kyzivat (GENART); Rob Wilton; Roman
|
||||
Danyliw; and Ties de Kock.</t>
|
||||
</section>
|
||||
</middle>
|
||||
<back>
|
||||
|
||||
|
|
@ -924,9 +940,11 @@
|
|||
|
||||
|
||||
<section title="Example" anchor="example">
|
||||
|
||||
<t>
|
||||
This appendix provides an example, including a trust anchor, a CA
|
||||
certificate subordinate to the trust anchor, an end-entity
|
||||
This appendix provides an example, including a trust anchor, a
|
||||
CRL signed by the trust anchor, a CA certificate subordinate to
|
||||
the trust anchor, a CRL signed by the CA, an end-entity
|
||||
certificate subordinate to the CA for signing the geofeed, and a
|
||||
detached signature.</t>
|
||||
|
||||
|
|
@ -961,6 +979,23 @@ Quz66XrzxtmxlrRcAnbv/HtV17qOd4my6q5yjTPR1dmYN9oR/2ChlXtGE6uQVguA
|
|||
rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
|
||||
x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||
-----END CERTIFICATE-----
|
||||
]]></artwork></figure>
|
||||
|
||||
<t>
|
||||
The CRL issued by the trust anchor.</t>
|
||||
|
||||
<figure><artwork><![CDATA[
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX
|
||||
DTIzMDkyMDE4MDkxMVoXDTIzMTAyMDE4MDkxMVqgLzAtMB8GA1UdIwQYMBaAFMC9
|
||||
Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQALdNwYgIPHVauhT9yGV2Oj28aj6yI8X/xQz53Gh7zqz4AfKSA3rmFUiQiPnLiA
|
||||
oO+oI83tzoTwxwVRdGpzc8ZhZ5yCwAQYZdiGteagLFi1zghWbRNWH/m7q/ypw1xd
|
||||
GZs3ow6b29OMr9ue/5s++bWMQ6oHh24cVB5S9kX3v7N0OeE0/SGcKtaeT+WE5SWC
|
||||
hudIB52s5NPcKu1SEnn/D8JLGoadxatmFEGMfRX2Wo9dcntcyCr/MPl6ZhvM9tsF
|
||||
Oxoom7RRnAfz+AWwptYrCkvKFdk974UCe9Bq2Bq3xuhrLs1kT6+yy0U9y7hyJYK/
|
||||
Dq9IJ9RuBsQagykwbwLbzlTr
|
||||
-----END X509 CRL-----
|
||||
]]></artwork></figure>
|
||||
|
||||
<t>
|
||||
|
|
@ -998,6 +1033,24 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
|||
s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
|
||||
F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
|
||||
-----END CERTIFICATE-----
|
||||
]]></artwork></figure>
|
||||
|
||||
<t>
|
||||
The CRL issued by the CA.</t>
|
||||
|
||||
<figure><artwork><![CDATA[
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBrTCBlgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygzQUNFMkNFRjRG
|
||||
QjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyFw0yMzA5MjAxODIzNTBaFw0y
|
||||
MzEwMjAxODIzNTBaoC8wLTAfBgNVHSMEGDAWgBQ6zizvT7IbfRHj4YTvweKXs3eG
|
||||
QjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAiiqMfYMxDTKYosc77UM0
|
||||
qzLuVsik3QHRMZI1YC/WVMNnuNrppjKr5e9lrfHF92XX4nO7odJk9TuCT+xpn6of
|
||||
/E5XQMh0btrgRO4lFS8SBqhD32++j65EWeOVHxwwiVIw0Nq9l+5kNa3a5Rfvr03d
|
||||
/c2DvgIUmrhQkJqUEYH0009oTsx2cFNIURhgpwdXulCcaPVO8QnKE0Vz7JwmuQJH
|
||||
U1vj8wB7rbW9gszbimInb1WNjR8cGL/USnDBTtoc1GSjQyhPck/UGyh5zgrmbS5R
|
||||
HpDVvN3FM6f8nfuz8qNy7TC8umV8IUzkJ+3+bxlUnyPUV9VNuQOQJHIgWzciA0cS
|
||||
XQ==
|
||||
-----END X509 CRL-----
|
||||
]]></artwork></figure>
|
||||
|
||||
<t>
|
||||
|
|
@ -1047,8 +1100,8 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
|||
10 1: INTEGER 2
|
||||
: }
|
||||
13 20: INTEGER
|
||||
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2
|
||||
: B9 6E E1 66 EC
|
||||
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E
|
||||
: E1 66 EC
|
||||
35 13: SEQUENCE {
|
||||
37 9: OBJECT IDENTIFIER
|
||||
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
||||
|
|
@ -1144,13 +1197,15 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
|||
: }
|
||||
: }
|
||||
584 24: SEQUENCE {
|
||||
586 3: OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
|
||||
586 3: OBJECT IDENTIFIER
|
||||
: certificatePolicies (2 5 29 32)
|
||||
591 1: BOOLEAN TRUE
|
||||
594 14: OCTET STRING, encapsulates {
|
||||
596 12: SEQUENCE {
|
||||
598 10: SEQUENCE {
|
||||
600 8: OBJECT IDENTIFIER
|
||||
: resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
|
||||
: resourceCertificatePolicy
|
||||
: (1 3 6 1 5 5 7 14 2)
|
||||
: }
|
||||
: }
|
||||
: }
|
||||
|
|
@ -1312,5 +1367,4 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
|||
|
||||
</section>
|
||||
</back>
|
||||
|
||||
</rfc>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue