On the 14th day before the Kalends of September, 2008, Kyle Hamilton wrote:
> X.509 refers to the certificate version.  0 == version 1, 1 == version
> 2, 2 == version 3.
> 
> Version 1 certificates have no means for any extensions.
> Version 2 certificates are CRLs.

?

Version 2 certificates have "issuerUniqueIdentifier" and
"subjectUniqueIdentifier" fields just after the subjectPublicKeyInfo.
These are highly deprecated (I haven't seen any in the field).
Version 3 certificates added support for extensions, after the 2
previously mentioned fields.

CRLs have existed since X509v1.

> Version 3 certificates are the current norm, and most likely what you want.
> 
> The best reference currently is RFC5280, and all of its references.

The X.509 standard is (my) best reference, on top of which RFC5280 adds
some additional MUST, SHOULD, etc. (I disagree on some of them, that's
why I prefer X.509, but it's a matter of choice).
Oh, X.509 is free to download from the ITU-T website, as is the whole
X.5xx group of documents, and most of the X.6xx (680 and 690 come to
mind, for ASN.1 and its encodings). That wasn't the case some
months/years ago.

-- 
Erwann ABALEA <[EMAIL PROTECTED]>
-----
Keyboard not connected, press <F1> to continue.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
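
The field layout described in the message above, as an added example that is not part of the original post or of OpenSSL: a small DER walker that reads the version of a TBSCertificate, reports which of the optional trailing fields ([1] issuerUniqueIdentifier, [2] subjectUniqueIdentifier, [3] extensions) are present, and flags a field that the declared version does not allow. The function names are hypothetical, and the sample inputs are constructed skeletons whose mandatory fields are empty placeholders, not real certificates.

```python
def tlv(tag, value=b""):
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_tbs(tbs_der):
    """Report the version and which optional trailing fields a TBSCertificate has."""
    tag, body, _ = read_tlv(tbs_der)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    raw = 0  # version is DEFAULT v1: the [0] wrapper is absent in v1 certificates
    if fields and fields[0][0] == 0xA0:
        raw = int.from_bytes(read_tlv(fields[0][1])[1], "big")
        fields = fields[1:]
    # Six mandatory fields follow (serial .. subjectPublicKeyInfo); the rest is optional.
    tags = {t for t, _ in fields[6:]}
    uid, ext = bool(tags & {0x81, 0x82}), 0xA3 in tags
    return {
        "version": raw + 1,
        "issuerUniqueIdentifier": 0x81 in tags,    # [1] IMPLICIT BIT STRING
        "subjectUniqueIdentifier": 0x82 in tags,   # [2] IMPLICIT BIT STRING
        "extensions": ext,                         # [3] EXPLICIT SEQUENCE
        "consistent": (not uid or raw >= 1) and (not ext or raw == 2),
    }

def make_tbs(raw_version, trailing=b""):
    """Constructed skeleton: serial 1 and five empty SEQUENCE placeholders."""
    head = tlv(0xA0, tlv(0x02, bytes([raw_version]))) if raw_version else b""
    return tlv(0x30, head + tlv(0x02, b"\x01") + tlv(0x30) * 5 + trailing)

V1 = make_tbs(0)
V2 = make_tbs(1, tlv(0x81, b"\x00\xAA") + tlv(0x82, b"\x00\xBB"))
V3 = make_tbs(2, tlv(0xA3, tlv(0x30)))
V1_WITH_EXT = make_tbs(0, tlv(0xA3, tlv(0x30)))  # malformed: v1 carrying extensions
```

To run it on a real DER certificate, unwrap the outer Certificate SEQUENCE first and pass its first element, tag and length included, to `inspect_tbs`.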