<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Fraser,<br>
<br>
My apology for getting back to you this late due to Dogtag release.<br>
(I think there may be a major issue there, so you might want to jump
to the "hmmm" part first)<br>
<br>
General:<br>
* It would help if in the review request email, you could put a link
to the spec you are coding against. I had to search around and
every place I looked it requires me to sign in or purchase. <br>
<br>
IECUserRolesExtension.java<br>
* It would help if you could put the relevant ASN1 in the extension
code IECUserRolesExtension.java <br>
* the getName() method returns the OID string instead of the
conventional name of the class<br>
* by convention, other existing extension classes use the JAVA class
Boolean instead of the native boolean for criticality. Please try
to stick to it.<br>
* hmmm... Shouldn't this extension be a "SEQUENCE of"
"UserRoleInfo"? This code seems to implement only the
"UserRoleInfo" part.<br>
This would be a major problem.<br>
You might want to take a look of how
SubjectAlternativeNameExtension.java is done where it is a "SEQUENCE
of" GeneralName<br>
See: <a class="moz-txt-link-freetext" href="http://tools.ietf.org/html/rfc5280#section-4.2.1.6">http://tools.ietf.org/html/rfc5280#section-4.2.1.6</a> scroll down
a bit to see the ASN1 definition.<br>
Search in our code for the following:<br>
- SubjectAlternativeNameExtension.java<br>
- GeneralNames<br>
- GeneralName<br>
<br>
Again, since I don't have the spec that you code against so I might
be wrong, please supply the ASN1 spec to this extension before I
continue.<br>
<br>
I think I will stop here and let you work on / respond to the above
first as it seems like a deal breaker if I was right.<br>
<br>
regards,<br>
Christina<br>
<br>
<pre wrap="">
</pre>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 08/18/2014 12:03 AM, Fraser Tweedale
wrote:<br>
</div>
<blockquote
cite="mid:20140818070325.GG6278@dhcp-40-8.bne.redhat.com"
type="cite">
<pre wrap="">On Thu, Aug 14, 2014 at 04:26:59PM +1000, Fraser Tweedale wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Thu, Aug 14, 2014 at 04:21:57PM +1000, Fraser Tweedale wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Here is the first (rough) cut of IEC 62351-8 (IECUserRoles)
extension support and a DNP3 profile that makes use of it. This is
to meet (some of) the PKI needs for the "Smart Grid" DNP3 Secure
Authentication v5 (SAv5) standard.
In brief, the SN and all the IECUserRoles params will be given in
profile inputs, and the key is taken from a CertReqInput.
There's still a bit of work to go - notably, some of the
IECUserRoles fields are unimplemented, and some of those that *are*
implemented are not yet read out of the profile input but rather are
hardcoded. The extension *does* appear on the certificate, so I
should get that all completed tomorrow.
Cheers,
Fraser
</pre>
</blockquote>
</blockquote>
<pre wrap="">These patches have been completed and are ready for review. New
versions are attached.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</body>
</html>