 |  |  |
 |
X.500 Object Identifiers allocated by OpenFortressThe position of OpenFortress in the OID tree is 1.3.6.1.4.1.10471under this node, a number of OIDs are defined for OpenFortress usage. Please note that the parent node, 1.3.6.1.4.1, represents IANA-registered Private Enterprises.
To verify this number, please lookup the list maintained by IANA.
.1 - Certificate Practice StatementThe following OID points to a Certificate Practice Statement: 1.3.6.1.4.1.10471.1The value of this field is a URL of a PDF document. This document may include other documents by reference, but will always do so using the format of this OID. The URL of the certificate practice statement contains a filename comprising of a SHA1 checksum in hexadecimal notation followed by Please note that inclusion by reference is only possible for older documents, because the SHA1 checksum in the reference cannot be known in before finishing a document. To validate the origin of the document is OpenFortress, it is possible to attache Specific CPS's fall under this number, with one number to add the document, and another to add the version (starting at 1). For instance, the root key management description adds Example values for this OID field are http://openfortress.nl/doc/064e0ef64f402e7da2c5fe264355d72bc0dea7ac.pdf .2 - Limitation of liabilityThe following OID defines an upper limit for liability: 1.3.6.1.4.1.10471.2The value of this field is a value, often measured in grams of gold because that value system is fairly independent of most political issues; it is free of erosion. Liability is a difficult matter for any Certification Authority. If set too low, it will lower the trust in a signed-for party; if set too high, it may call for abuse. Where liability is set below minimum demands of a country, it should be replaced by the minimum of the local standard. However, note that OpenFortress resides under Dutch law. This OID is only valid when cryptographically tied to a period of validity. X.509 certificates define such a period by way of their initiation and expiry date. The liability set by this OID is only valid during the period of validity; outside that period, the liability is always zero, zilch, nothing, nada. OpenFortress often delegates liability to its reseller network, and notes their guaranteed liability in the certificates when this is requested by the reseller.
In this case, the value will be denominated in the currency guaranteed by the reseller, and a remark will be added: An example value for this OID field is: Good for financial transactions up to a value of 0 grams of gold .3 - Distinguishing minor numberThe following OID is used to distinguish objects with the same 1.3.6.1.4.1.10471.3This field contains an arbitarary string, intended to ensure that the object's dn fields is unique.
One possible implementation is to use a number that increments for every new certificate requested (for that cn value).
Sometimes the same Depending on the kind of object, it may be required that fields for this OID are ignored, to obtain a notion of equivalence that intentionally spans multiple certificates. Example values for a cn=Anonymous user 12345/distinguishingMinorNumber=678 cn=Anonymous user 12345/distinguishingMinorNumber=690The objects (probably certificates) with these two dn values may be intended as equivalents, with only a minor number added to distinguish the certificates in the group that collectively authenticates Anonymous user 12345.
|
 |  |