april / certainly-something

WebExtension that shows certificate chains in an aesthetically pleasing manner.
https://addons.mozilla.org/en-US/firefox/addon/certainly-something/
Mozilla Public License 2.0

Support extension OID 1.3.6.1.5.5.7.1.12 (logoType) #10

Closed ziegeer closed 6 years ago

april commented 6 years ago

Do you have a site I can test against? Censys doesn't, afaik, let you search by arbitrary extension OIDs.

Thanks!

ziegeer commented 6 years ago

Yep: amfam.com

april commented 6 years ago

I honestly didn't even know this was possible. That's crazy to waste all that bandwidth during the TLS negotiation!

rugk commented 6 years ago

Is there any plain text description in English for what "1.3.6.1.5.5.7.1.12" is?? 😆

april commented 6 years ago

It basically allows people to add unviewable icons to their certs. :)

rugk commented 6 years ago

Wtf… 😮

rugk commented 6 years ago

Well… you could make them visible, at least 😆

april commented 6 years ago

Huh, oddly enough I can't seem to get it to send me a cert that includes this extension anymore. It's really hard to test without it.

april commented 6 years ago

Today I discovered this:

https://censys.io/certificates?q=parsed.unknown_extensions.id%3A+1.3.6.1.5.5.7.1.12

That will make this all a lot easier!

april commented 6 years ago

Examining the Censys data, it seems that certs with logoTypes haven't really been issued since 2012 and they all basically expire by August of this year. Since they're so rare and nearly impossible to find in the real world, I'm going to WONTFIX this one.

Thanks for opening it up, @ziegeer.

Gunni commented 3 years ago

Digging up an ancient ticket, I know, sorry... But I just noticed that BIMI uses 1.3.6.1.5.5.7.1.12.

https://datatracker.ietf.org/doc/draft-blank-ietf-bimi/

Example record with cert:

default._bimi.cnn.com.  1800    IN      TXT     "v=BIMI1; l=https://amplify.valimail.com/bimi/time-warner/gf2-6sjViJc-cnn_com_vmc_2021-01-06.svg; a=https://amplify.valimail.com/bimi/time-warner/gf2-6sjViJc-cnn_com_vmc_2021-01-06.pem"

Just letting you know, I have no stake or need for the support, just noticed this today and thought it was interesting. 🤓

egberts commented 2 years ago

The breakdown of the Logotype is detailed in RFC 3709 Section 4.1 (id-pe-logotype OID).

Python has an ASN.1 module that can parse this OID's raw data: https://github.com/etingof/pyasn1-modules/blob/master/pyasn1_modules/rfc3709.py
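For anyone who wants to see what "making them visible" would actually involve, here is an added example (not code from certainly-something, and not the pyasn1-modules parser linked above) that builds and decodes an RFC 3709 LogotypeExtn value with nothing but the standard library. The security-relevant part is the last function: the logo bytes live at an external logotypeURI, and the only thing tying them to the certificate is the logotypeHash, so a viewer that renders the image without comparing the digest is displaying whatever that URL happens to serve. The SVG and URI are constructed sample data, and the hash-OID table covers only SHA-256 and SHA-1.

```python
"""Encode and decode an RFC 3709 logotype extension value (OID 1.3.6.1.5.5.7.1.12).

Added example, not part of certainly-something or pyasn1-modules. Pure
standard library: a minimal DER encoder/decoder for the tags LogotypeExtn
uses, plus the digest check that binds the externally fetched image to the
certificate. The sample image and URI below are constructed.
"""
import hashlib

LOGOTYPE_OID = "1.3.6.1.5.5.7.1.12"                  # id-pe-logotype (RFC 3709)
HASH_OIDS = {"2.16.840.1.101.3.4.2.1": "sha256",      # id-sha256
             "1.3.14.3.2.26": "sha1"}                 # id-sha1 (legacy)
SLOTS = {0xA0: "communityLogos", 0xA1: "issuerLogo", 0xA2: "subjectLogo"}

# ---- DER encoding (only what LogotypeExtn needs) ---------------------------
def tlv(tag, body):
    """Tag + definite-form length + body."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >= 0x80:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_logotype_extn(media_type, image, uri):
    """LogotypeExtn carrying one subjectLogo as direct LogotypeData (RFC 3709 4.1)."""
    hash_alg_and_value = tlv(0x30, tlv(0x30, oid("2.16.840.1.101.3.4.2.1"))
                             + tlv(0x04, hashlib.sha256(image).digest()))
    details = tlv(0x30, tlv(0x16, media_type.encode("ascii"))      # mediaType IA5String
                  + tlv(0x30, hash_alg_and_value)                  # logotypeHash
                  + tlv(0x30, tlv(0x16, uri.encode("ascii"))))     # logotypeURI
    image_list = tlv(0x30, tlv(0x30, details))                     # image SEQUENCE OF LogotypeImage
    logotype_info = tlv(0xA0, image_list)                          # direct [0] IMPLICIT LogotypeData
    return tlv(0x30, tlv(0xA2, logotype_info))                     # subjectLogo [2] EXPLICIT

# ---- DER decoding ----------------------------------------------------------
def children(body):
    """Split a constructed body into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, n = body[pos], body[pos + 1]
        pos += 2
        if n & 0x80:                                   # long-form length
            k = n & 0x7F
            n = int.from_bytes(body[pos:pos + k], "big")
            pos += k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0       # fine for the OIDs used here
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_logotype_extn(der):
    """Return one dict per direct image logo; indirect and otherLogos entries are skipped."""
    logos = []
    outer_tag, outer_body = children(der)[0]
    assert outer_tag == 0x30, "LogotypeExtn must be a SEQUENCE"
    for slot_tag, slot_body in children(outer_body):
        if slot_tag not in SLOTS:
            continue                                   # [3] otherLogos not handled here
        infos = children(slot_body)
        if slot_tag == 0xA0:                           # communityLogos is SEQUENCE OF LogotypeInfo
            infos = children(infos[0][1])
        for info_tag, info_body in infos:
            if info_tag != 0xA0:                       # [1] indirect points at another cert
                continue
            for tag, image_list in children(info_body):
                if tag != 0x30:                        # audio is [1]; only image is untagged
                    continue
                for _, img_body in children(image_list):
                    media, hashes, uris = children(children(img_body)[0][1])[:3]
                    hash_list = []
                    for _, hav in children(hashes[1]):
                        alg, digest = children(hav)[:2]
                        hash_list.append((decode_oid(children(alg[1])[0][1]), digest[1]))
                    logos.append({"slot": SLOTS[slot_tag],
                                  "mediaType": media[1].decode("ascii"),
                                  "hashes": hash_list,
                                  "uris": [u[1].decode("ascii") for _, u in
                                           [(0, c) for c in children(uris[1])]]})
    return logos

def verify_logo(logo, fetched):
    """True only if a supported digest in the cert matches the bytes fetched from logotypeURI."""
    for alg_oid, digest in logo["hashes"]:
        name = HASH_OIDS.get(alg_oid)
        if name and hashlib.new(name, fetched).digest() == digest:
            return True
    return False                                       # unknown algorithm or mismatch: do not render

# Constructed sample: a tiny SVG standing in for the hosted logo and a made-up URI.
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SAMPLE_URI = "https://logos.example.test/subject.svg"
EXTN_DER = encode_logotype_extn("image/svg+xml", SAMPLE_SVG, SAMPLE_URI)
LOGOS = decode_logotype_extn(EXTN_DER)

if __name__ == "__main__":
    for logo in LOGOS:
        print(logo["slot"], logo["mediaType"], logo["uris"])
        print("genuine image passes:", verify_logo(logo, SAMPLE_SVG))
        print("swapped image passes:", verify_logo(logo, SAMPLE_SVG + b"<!-- swapped -->"))
```

In a real certificate this value sits inside the extnValue OCTET STRING of the extension whose extnID is 1.3.6.1.5.5.7.1.12; the same decoder applies once that wrapper is removed. The BIMI certificate in the cnn.com record above carries the same structure, which is why the draft reuses this OID rather than defining a new one.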