
x509 v4


Martin Kouril

Dec 22, 2004, 9:43:28 AM
Hi,
Does somebody know how x509v4 certs differ from x509v3 certs?
Thank You

Martin

Peter

Dec 22, 2004, 11:28:53 AM
This may not help you at all because I didn't know there were x509v4
certs, but version 3 I think implies the certificate has extensions
upon its base. I used this: http://www.ietf.org/rfc/rfc3280.txt for
something I was doing a while ago and if you skim parts you might find
references to the rfcs you're looking for. But this document will
clear up the differences between varying x509 versions with their
extensions and possibly point you in the right direction for googling
version 4 rfcs.

- Peter

Richard Levitte - VMS Whacker

Dec 22, 2004, 11:36:13 AM
In message <598.938-29521-763...@seznam.cz> on Wed, 22 Dec 2004 15:42:00 +0100 (CET), Martin Kouril <Kouril...@seznam.cz> said:

Kouril.Martin> Does somebody know how x509v4 certs differ from x509v3
Kouril.Martin> certs?

Until just now, I didn't know there was a v4 format. I'm not sure
there is, either. All I can find when I search for X.509 v4, are
discussions on some mailing lists back in '96 and '01. The '96
discussions indicate that the only difference would be in the
notBefore and notAfter fields, to become generalizedTime instead of a
CHOICE of different time formats.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte ric...@levitte.org
http://richard.levitte.org/

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis

Charles B Cranston

Dec 22, 2004, 12:01:46 PM
Having much the same results on my googling -- there is some
mention of a PKIPath extension, but I did see a reference to
an X509_4thEditionDraftV7.pdf which contains dates roughly
similar to the ones Richard quotes. There was a reference
to RFC3281 which talks about attribute certificates,
but the version code in those is 0 (version one). If v4
really means anything in itself, it would imply a version
code in the certificate of 3...

Richard Levitte - VMS Whacker wrote:

> In message <598.938-29521-763...@seznam.cz> on Wed, 22 Dec 2004 15:42:00 +0100 (CET), Martin Kouril <Kouril...@seznam.cz> said:
>
> Kouril.Martin> Does somebody know how x509v4 certs differ from x509v3
> Kouril.Martin> certs?
>
> Until just now, I didn't know there was a v4 format. I'm not sure
> there is, either. All I can find when I search for X.509 v4, are
> discussions on some mailing lists back in '96 and '01. The '96
> discussions indicate that the only difference would be in the
> notBefore and notAfter fields, to become generalizedTime instead of a
> CHOICE of different time formats.
>
> Cheers,
> Richard
>
> -----
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.
>

--
"An Internet-connected Windows machine is tantamount to
a toddler carrying a baggie of $100 bills down a city street..."

Charles B (Ben) Cranston
mailto: zb...@umd.edu
http://www.wam.umd.edu/~zben

Richard Levitte - VMS Whacker

Dec 22, 2004, 1:09:22 PM
In message <41C9A82E...@umd.edu> on Wed, 22 Dec 2004 12:00:30 -0500, Charles B Cranston <zb...@umd.edu> said:

zben> Having much the same results on my googling -- there is some
zben> mention of a PKIPath extension, but I did see a reference to
zben> an X509_4thEditionDraftV7.pdf which contains dates roughly
zben> similar to the ones Richard quotes. There was a reference
zben> to RFC3281 which talks about attribute certificates,
zben> but the version code in those is 0 (version one). If v4
zben> really means anything in itself, it would imply a version
zben> code in the certificate of 3...

X509_4thEditionDraftV7.pdf (I'm reading my copy right now) still has
Time defined as a choice of UTCTime and GeneralizedTime, and (on page
23), version is still to be set to v2 (1) or v3 (2). So that doesn't
seem to have anything to do with the alleged X.509 v4...

And considering the discussions I mentioned were so long ago, and
nothing seems to have been said since, I'm assuming the v4 idea was
dropped, at least for now.

ACs are totally different beasts than the regular X.509 certs, even
though they are part of the X.509 draft mentioned above. Because of
that, it's really quite tricky to talk about X.509 v{anything}, since
the current version depends on the object type as well. I think it's
safe to assume we're talking about "regular" certs as long as nothing
else is said, though...

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis

Peter Sylvester

Dec 22, 2004, 1:30:28 PM
>
> X509_4thEditionDraftV7.pdf (I'm reading my copy right now) still has
> Time defined as a choice of UTCTime and GeneralizedTime, and (on page
> 23), version is still to be set to v2 (1) or v3 (2). So that doesn't
> seem to have anything to do with the alleged X.509 v4...
>
> And considering the discussions I mentioned were so long ago, and
> nothing seems to have been said since, I'm assuming the v4 idea was
> dropped, at least for now.

As far as I understand "X509_4thEdition", it is the 4 in that word
that is meant.
Since the invention of extensions there is not really a need
to change the format of certs or crls, or ...
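
Added example, not part of the original thread: a minimal DER walk that reads the two fields the posters discuss, the version code (0 = v1, 1 = v2, 2 = v3, so a "v4" would have to carry 3) and which arm of the Time CHOICE each validity field uses. The function names and the sample bytes are assumptions made for this illustration; `build_sample` produces a constructed skeleton, not a real signed certificate.

```python
TIME_TAGS = {0x17: "UTCTime", 0x18: "GeneralizedTime"}  # the two arms of the Time CHOICE

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def version_and_time_types(der):
    """Return (version_code, notBefore_type, notAfter_type) of a DER certificate."""
    tag, cert, _ = read_tlv(der, 0)  # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, tbs, _ = read_tlv(cert, 0)  # tbsCertificate
    tag, value, pos = read_tlv(tbs, 0)
    code = 0  # version is DEFAULT v1(0): an absent field means code 0
    if tag == 0xA0:  # [0] EXPLICIT Version wrapping an INTEGER
        code = int.from_bytes(read_tlv(value, 0)[1], "big")
        _, _, pos = read_tlv(tbs, pos)  # skip serialNumber
    for _ in range(2):  # skip signature AlgorithmIdentifier and issuer
        _, _, pos = read_tlv(tbs, pos)
    _, validity, _ = read_tlv(tbs, pos)  # Validity ::= SEQUENCE { notBefore, notAfter }
    nb_tag, _, nxt = read_tlv(validity, 0)
    na_tag, _, _ = read_tlv(validity, nxt)
    return code, TIME_TAGS.get(nb_tag, hex(nb_tag)), TIME_TAGS.get(na_tag, hex(na_tag))

def tlv(tag, value):
    """Encode one short-form DER element (enough for the constructed sample)."""
    return bytes([tag, len(value)]) + value

def build_sample(version_code):
    """Constructed skeleton, not a real signed certificate; None omits [0]."""
    fields = b"" if version_code is None else tlv(0xA0, tlv(0x02, bytes([version_code])))
    fields += tlv(0x02, b"\x01") + tlv(0x30, b"") + tlv(0x30, b"")  # serial, alg, issuer
    fields += tlv(0x30, tlv(0x17, b"041222000000Z") + tlv(0x18, b"20501222000000Z"))
    return tlv(0x30, tlv(0x30, fields))

if __name__ == "__main__":
    for code in (None, 2, 3):  # 3 is what a "v4" certificate would have to carry
        print(code, version_and_time_types(build_sample(code)))
```

The sample mixes both time encodings on purpose: RFC 3280 has CAs encode dates through 2049 as UTCTime and dates in 2050 or later as GeneralizedTime, so both arms of the CHOICE appear in ordinary v3 certificates.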
