On 02/06/2012 09:41 AM, Curt Sampson wrote:
> If I were to create a custom X.509 certificate extension for use within my enterprise and with others outside who wanted to write or modify their own software to interoperate with it, I'd need to assign an OID for this extension, right? And for that, would the standard way to do this be to assign an OID underneath the one assigned to us by the IANA in their Private Enterprise Number list[1], right?
It is one possible way; you need to find someone that "owns" an OID (forever) and dedicates you a number. In France, every enterprise has an OID 1.3.2.officialenterprisenumber. Some institutions sell such numbers.
> (I note that [1] claims to be the "SMI Network Management Private Enterprise Codes", but I gather that others use this for pretty much anything where they need a unique OID.)
I'd prefer to say "non-ambiguous". Besides that, I would also investigate your need for a custom extension: if you use it for 'identity', then use a subjectAltName, for example; if you use it for some kind of attribute-based authorisation, well, you are maybe overloading the certificate.

Peter
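
Added example, not part of the original thread: a standard-library Python sketch that DER-encodes an X.509 `Extension` whose OID sits under the IANA Private Enterprise Number arc discussed above. It assumes the documentation PEN 32473 from RFC 5612 in place of a real one, a hypothetical sub-arc `.1`, and a UTF8String payload; all function names are illustrative.

```python
# Added illustration: build the DER for a private X.509 extension.
# Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
#                          extnValue OCTET STRING }
PEN_ARC = (1, 3, 6, 1, 4, 1)   # iso.org.dod.internet.private.enterprise
EXAMPLE_PEN = 32473            # RFC 5612 documentation PEN (assumption: replace with yours)

def _length(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + _length(len(content)) + content

def _base128(n):
    """One OID arc: 7 bits per byte, high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def encode_oid(arcs):
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading OID arcs")
    if any(a < 0 for a in arcs):
        raise ValueError("OID arcs must be non-negative")
    # The first two arcs share one encoded value: 40 * first + second.
    body = _base128(arcs[0] * 40 + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    return tlv(0x06, body)

def private_extension(sub_arcs, text, critical=False):
    """Extension under PEN_ARC.EXAMPLE_PEN.<sub_arcs> carrying a UTF8String."""
    oid = encode_oid(PEN_ARC + (EXAMPLE_PEN,) + tuple(sub_arcs))
    # DER omits a field equal to its DEFAULT, so critical=FALSE is not encoded.
    # Marking a private extension critical makes RFC 5280 validators that do
    # not recognise the OID reject the certificate.
    crit = tlv(0x01, b"\xff") if critical else b""
    value = tlv(0x0C, text.encode("utf-8"))      # UTF8String payload
    return tlv(0x30, oid + crit + tlv(0x04, value))

if __name__ == "__main__":
    print(private_extension((1,), "demo").hex())
```
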