<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Hi Fraser, My apology for getting back to you this late due to Dogtag release. (I think there may be a major issue there, so you might want to jump to the "hmmm" part first) General: * It would help if in the review request email, you could put a link to the spec you are coding against. I had to search around and every place I looked it requires me to sign in or purchase. IECUserRolesExtension.java * It would help if you could put the relevant ASN1 in the extension code IECUserRolesExtension.java * the getName() method returns the OID string instead of the conventional name of the class * by convention, other existing extension classes use the JAVA class Boolean instead of the native boolean for criticality. Please try to stick to it. * hmmm... Shouldn't this extension be a "SEQUENCE of" "UserRoleInfo"? This code seems to implement only the "UserRoleInfo" part. This would be a major problem. You might want to take a look of how SubjectAlternativeNameExtension.java is done where it is a "SEQUENCE of" GeneralName See: <a class="moz-txt-link-freetext" href="http://tools.ietf.org/html/rfc5280#section-4.2.1.6">http://tools.ietf.org/html/rfc5280#section-4.2.1.6</a> scroll down a bit to see the ASN1 definition. Search in our code for the following: - SubjectAlternativeNameExtension.java - GeneralNames - GeneralName Again, since I don't have the spec that you code against so I might be wrong, please supply the ASN1 spec to this extension before I continue. I think I will stop here and let you work on / respond to the above first as it seems like a deal breaker if I was right. regards, Christina <pre wrap=""> </pre> <div class="moz-cite-prefix">On 08/18/2014 12:03 AM, Fraser Tweedale wrote: </div> <blockquote cite="mid:20140818070325.GG6278@dhcp-40-8.bne.redhat.com" type="cite"> <pre wrap="">On Thu, Aug 14, 2014 at 04:26:59PM +1000, Fraser Tweedale wrote: </pre> <blockquote type="cite"> <pre wrap="">On Thu, Aug 14, 2014 at 04:21:57PM +1000, Fraser Tweedale wrote: </pre> <blockquote type="cite"> <pre wrap="">Here is the first (rough) cut of IEC 62351-8 (IECUserRoles) extension support and a DNP3 profile that makes use of it. This is to meet (some of) the PKI needs for the "Smart Grid" DNP3 Secure Authentication v5 (SAv5) standard. In brief, the SN and all the IECUserRoles params will be given in profile inputs, and the key is taken from a CertReqInput. There's still a bit of work to go - notably, some of the IECUserRoles fields are unimplemented, and some of those that *are* implemented are not yet read out of the profile input but rather are hardcoded. The extension *does* appear on the certificate, so I should get that all completed tomorrow. Cheers, Fraser </pre> </blockquote> </blockquote> <pre wrap="">These patches have been completed and are ready for review. New versions are attached. </pre> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Pki-devel mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre> </blockquote> </body> </html>