Issuer of 200103ffe3ff8
Robert Moskowitz
rgm at htt-consult.com
Thu May 11 03:09:54 UTC 2023
I am working on developing the X.509 certificates that can be used
behind the IETF DRIP Drone Identity Tags (see rfc 9374).
There is a 2-level hierarchy under the prefix (so perhaps really 3
levels) encoded within the DETs.
So the 'root' or apex is identified by 2001030000000
If the next level is 16376 then the identifier for this level is
200103ffe (well actually more complex as 12 bits does not fit nicely
into nibbles)
And if the lowest level is 16376 the identifier is 200103ffe3ff8
I would want the Issuer DN to be these values. What might be the
preferred DN field for encoding this? CN? UNSTRUCTUREDADDRESS? (how is
this abbreviated?) serialNumber (SN)? or something else?
I may decide to use the whole issuer DET (e.g.
20010030000000052aeb9adc1ce8b1ec; and yes this is a valid IPv6 address)
to know which key was used for signing (key rollover and other thoughts).
BTW to learn of the entity behind, say 200103ffe3ff8 check out
auth.8.f.f.3.e.f.f.3.0.0.1.0.0.2.ip6.arpa. for the URI (not working, yet.)
thanks.
More information about the openssl-users
mailing list