When we decided to re-use the CMS-defined structure as a way to convey different types of certificates, including X.509 certificates, we are facing the question about what those other types are and whether we need to register OIDs for them. Why do we need to register OIDs for these types of certificates? The answer is in the structure of the CertificateChoices from CMS, see
CertificateChoices ::= CHOICE {
certificate Certificate,
extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
v2AttrCert [2] IMPLICIT AttributeCertificateV2,
other [3] IMPLICIT OtherCertificateFormat }
OtherCertificateFormat ::= SEQUENCE {
otherCertFormat OBJECT IDENTIFIER,
otherCert ANY DEFINED BY otherCertFormat }
When a certificate of type "OtherCertificateFormat" is defined then the type needs to be indicated via an object identifier.
If we have examples of certificate types that we plan to use beyond X.509 certificates then we should register them in the draft already now. An example that comes to my mind is a CWT.
hannestschofenig
commented
1 month ago
When we decided to re-use the CMS-defined structure as a way to convey different types of certificates, including X.509 certificates, we are facing the question about what those other types are and whether we need to register OIDs for them. Why do we need to register OIDs for these types of certificates? The answer is in the structure of the CertificateChoices from CMS, see
When a certificate of type "OtherCertificateFormat" is defined then the type needs to be indicated via an object identifier.
If we have examples of certificate types that we plan to use beyond X.509 certificates then we should register them in the draft already now. An example that comes to my mind is a CWT.