John P. Wack wrote:
>
> Hi Folks,
>
> Can anyone tell me whether there is an assigned OID for the
> basicConstraints extension, and where this is documented? Being
> relatively new to this stuff, I'm trying to hack a Netscape CA to add
> this extension, and Netscape wants the OID as a sequence of digits
> separated by dots. From the
> http://csrc.nist.gov/pki/draft-ietf-pkix-ipki-part1-07.txt, I get
>
> id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
>
> BasicConstraints ::= SEQUENCE {
>      cA                  BOOLEAN DEFAULT FALSE,
>      pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
>
> but I'm having no luck elsewhere on the web understanding what id-ce
> 19 means.
>
id-ce is an abbreviation for something else. From the start of the
document:

    certificateExtension OBJECT IDENTIFIER ::=
        {joint-iso-ccitt(2) ds(5) 29}
    id-ce OBJECT IDENTIFIER ::= certificateExtension

What this is saying is that id-ce is 2.5.29 so basicConstraints is in
fact 2.5.29.19.

Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
PGP key: via homepage.
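
The resolution described in the reply above, carried through mechanically, as an added example that is not part of the original message. The definition table is transcribed from the ASN.1 quoted in the thread; the function names are hypothetical, and the DER encoder and decoder handle only short-form lengths.

```python
# Added example: resolve the draft's symbolic OID names to dotted form and
# show the DER bytes that carry the OID inside a certificate extension.

# name -> (parent name or None, arcs appended to the parent's arcs)
DEFS = {
    "certificateExtension": (None, (2, 5, 29)),     # {joint-iso-ccitt(2) ds(5) 29}
    "id-ce": ("certificateExtension", ()),          # plain alias
    "id-ce-basicConstraints": ("id-ce", (19,)),     # { id-ce 19 }
}

def resolve(name):
    """Follow parent references until the full arc tuple is known."""
    parent, arcs = DEFS[name]
    return (resolve(parent) if parent else ()) + tuple(arcs)

def dotted(name):
    return ".".join(str(a) for a in resolve(name))

def base128(n):
    """Big-endian base-128; every byte except the last has the high bit set."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def der_oid(arcs):
    """DER-encode an OID; the first two arcs share one sub-identifier."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    body = base128(40 * arcs[0] + arcs[1]) + b"".join(base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + body

def oid_from_der(data):
    """Decode a short-form DER OBJECT IDENTIFIER back to dotted notation."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2 or data[-1] & 0x80:
        raise ValueError("not a well-formed short-form DER OID")
    subids, n = [], 0
    for b in data[2:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:            # high bit clear: last byte of this arc
            subids.append(n)
            n = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

if __name__ == "__main__":
    print(dotted("id-ce-basicConstraints"), der_oid(resolve("id-ce-basicConstraints")).hex())
```

The byte string returned by `der_oid` is what to look for in a hex dump of the issued certificate when checking that the CA really added the extension.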