WRT #1947:
There's also a set of extensions we've chosen not to implement at all until users ask for them:
[...]
[...]
I'd like to "officially" make a request support for the "Subject Information Access" extension described in RFC 5280, section 4.2.2.2:
The subject information access extension indicates how to access information and services for the subject of the certificate in which the extension appears. When the subject is a CA, information and services may include certificate validation services and CA policy data. When the subject is an end entity, the information describes the type of services offered and how to access them. In this case, the contents of this extension are defined in the protocol specifications for the supported services. This extension may be included in end entity or CA certificates. Conforming CAs MUST mark this extension as non-critical.
As mentioned in #1947 (and quoted above), SIA is nearly identical to AIA:
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
SubjectInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
In an attempt to narrow the scope of this request to fit my actual use case (since there have apparently been zero requests for support for the SIA extension in the last five years!), I am specifically interested in the ability to create a new X.509v3 certificate containing this extension (OID 1.3.6.1.5.5.7.1.11) with (multiple instances of) the"id-ad-caRepository" (OID 1.3.6.1.5.5.7.48.5) "accessMethod" pointing to different HTTP URIs ("uniformResourceIdentifier").
Thanks for your consideration!
WRT #1947:
I'd like to "officially" make a request support for the "Subject Information Access" extension described in RFC 5280, section 4.2.2.2:
As mentioned in #1947 (and quoted above), SIA is nearly identical to AIA:
In an attempt to narrow the scope of this request to fit my actual use case (since there have apparently been zero requests for support for the SIA extension in the last five years!), I am specifically interested in the ability to create a new X.509v3 certificate containing this extension (OID
1.3.6.1.5.5.7.1.11) with (multiple instances of) the"id-ad-caRepository" (OID1.3.6.1.5.5.7.48.5) "accessMethod" pointing to different HTTP URIs ("uniformResourceIdentifier").Thanks for your consideration!