I'm in the process of adding CSR support to the NSS python binding and
I'm not sure I fully follow how CSR attributes are handled so I'm
looking for some clarification.
From reading the relevant RFC's my understanding is that a CSR contains
a sequence of attributes and an attribute has a type (OID) and a set of
values matching that OID type.
One possible attribute type is a PKCS #9 Extension Request, but their
could be other attribute types as well, right?
What's confusing me that the NSS API (as well as the implementation)
seems to assume the *only* attribute type in a CSR will be a PKCS #9
Extension Request (i.e. a set of cert extensions).
Am I missing something? What about the other possible CSR attributes? Or
in practice are they never used? Or am I being lame and just not finding
the code in NSS which deals with CSR attribute other than cert
extensions? Or do I just not understand the RFC definition of a CSR?
Thanks,
John
--
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
