[cc'd to PKIX for comment]

[EMAIL PROTECTED] writes:

>Included below is an exchange of E-Mails with Verisign support. I recently
>obtained a Verisign cert and found an undocumented private Verisign extension
>in it. It is obvious that I want to know what information is stored in that
>extension. Verisign fails to give a sufficient answer.

I've been trying to find out what 2.16.840.1.113733.1.6.3 and
2.16.840.1.113733.1.6.6 are, as well as what the policy qualifiers
2 16 840 1 113733 1 7 1 1 1 and 2 16 840 1 113733 1 7 1 1 2 mean, for some
time now, but no one at Verisign will tell you.

This leads to an interesting question: What are the semantics for these things?
As far as anyone knows, the .1 policy could be "By using this certificate you
agree to take full responsibility for any misuse of this certificate,
regardless of what the CPS says" (which would be perfectly valid, since it's a
policy qualifier), .2 might be "In the event of any dispute, Verisign is always
right", .3 contains a copy of your private key encrypted with _NSAKEY :-), and
who knows what .6 is.  Since the point of a CPS is that both the end entity and
relying party can read it and know what they're getting, wouldn't the use of
unpublished qualifiers and extensions which can modify the CPS destroy any
possibility of reliance on the certs which contain them?

Peter.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
