Re: [TLS] CertficateRequest extension encoding

2016-09-04 Thread David Benjamin
Apologies, I hit 'Send' too early. Finished a sentence below:

On Sun, Sep 4, 2016 at 1:41 PM David Benjamin wrote:
> I have no involvement in systems that would want this (our implementation
> just ignores it), but it seems a TLS-style registry would be better than
>

Re: [TLS] CertficateRequest extension encoding

2016-09-04 Thread David Benjamin
I have no involvement in systems that would want this (our implementation just ignores it), but it seems a TLS-style registry would be better than using OIDs anyway. Concretely: A CertificateExtension is a hint to the client about what kind of certificates are acceptable. We have a registry of

[TLS] CertficateRequest extension encoding

2016-09-04 Thread Ilari Liusvaara
How are the OIDs and values in CertificateRequest extensions encoded exactly (I can't make it out from the text)? Does the OID part have the ASN.1 OID TLV tag and length (e.g. is EKU 0x55 0x1D 0x25 or 0x06 0x03 0x55 0x1D 0x25)? And how is the value encoded? Using the same encoding as extnValue