This repository was archived by the owner on Aug 15, 2025. It is now read-only.

Commit c269e33

committed
finish TODO
1 parent edee7a3 commit c269e33

File tree

1 file changed

+20
-17
lines changed
  • docs/Protocol Specifications


docs/Protocol Specifications/core.md

Lines changed: 20 additions & 17 deletions
@@ -482,10 +482,14 @@ client.
482482
An ID-CSR includes the following information, according to the X.509 standard:
483483

484484
- The public identity key of the client.
485-
- A polyproto Distinguished Name (`pDN`), describing the actor the certificate is issued to. The `pDN`
486-
must be formatted according to [Section 6.1.1.1](#6111-polyproto-distinguished-name-pdn).
485+
- A polyproto Distinguished Name (`pDN`) "subject name", describing the actor the certificate is
486+
issued to. The `pDN` must be formatted according to [Section 6.1.1.1](#6111-polyproto-distinguished-name-pdn).
487487
- The signature algorithm used to sign the certificate.
488488
- The signature of the certificate, generated by using the entities' private identity key.
489+
- A version identifier, specifying the version of X.509 certificate used. See [chapter 6.1.1](#611-structure-of-an-id-cert)
490+
for a specification of what the version field must look like.
491+
- A list of X.509 capabilities which the actor requests for their certificate. See [chapter 6.1.1.2](#6112-extensions-and-constraints)
492+
for a specification of allowed, required and forbidden capabilities.
489493

490494
When signing an ID-CSR, the home server must verify the correctness of all claims presented in the CSR.
491495

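Review bot: The new "version identifier" bullet (line 489+) points at chapter 6.1.1 for the certificate version field, but a PKCS#10 CSR carries its own `version` field that is distinct from the X.509 certificate version; the text should say which of the two the ID-CSR encodes, and how the CSR version relates to the v3 requirement stated for ID-Certs. Two smaller points in the same hunk: the new "X.509 capabilities" bullet (line 491+) uses a term the linked section calls "Extensions and Constraints", so use "extensions" consistently; and since the hunk now lists requested extensions as a CSR claim, the sentence "the home server must verify the correctness of all claims presented in the CSR" should state explicitly that a CSR requesting a forbidden extension, or missing a required one, is rejected rather than signed with the offending extension silently dropped. Also "entities' private identity key" on line 488 should read "entity's".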
@@ -510,21 +514,20 @@ ID-Certs encompass a subset of the structure of an X.509 certificate.
510514

511515
ID-Certs have the following structure:
512516

513-
// TODO: WTF? pDN of actor must be in subject field, not issuer field!
514-
515-
| Field Description | Special requirements, if any | X.509 equivalent |
516-
| --------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | -------------------------------------------------------- |
517-
| Correctly formatted Name attribute, according to [#6.1.1.1](#6111-polyproto-distinguished-name-pdn) | [polyproto Distinguished Name](#6111-polyproto-distinguished-name-pdn) | Issuer Name |
518-
| A unique identifier for the certificate, used by the CA to identify this certificate. | Must be unique across all certificates issued by a home server. | Serial Number |
519-
| The algorithm used to sign the certificate. | | Certificate Signature Algorithm & Signature Algorithm ID |
520-
| The signature of the certificate, generated by using the home servers' private identity key. | | Certificate Signature |
521-
| The expiry date of the certificate. | Time must not be after expiry date of the home server's root certificate | Validity period: Not After |
522-
| Certificate validity period starting date | Time must not be before the home server's root certificate was generated | Validity period: Not Before |
523-
| X.509 Version Number (v3) | polyproto only uses Version 3 X.509 certificates. | Version Number |
524-
| The public identity key of the client. | | Subject Public Key Info: Subject Public Key |
525-
| The public key algorithm used to generate the client's public identity key. | | Subject Public Key Info: Public Key Algorithm |
526-
| The session ID of the client. | No two valid certificates for one session ID can exist. Session IDs have to be unique per user. | Subject Unique Identifier |
527-
| Extensions | [Extensions and Constraints](#6112-extensions-and-constraints) | Extensions |
517+
| Field Description | Special requirements, if any | X.509 equivalent |
518+
| --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -------------------------------------------------------- |
519+
| Correctly formatted Name attribute, according to [#6.1.1.1](#6111-polyproto-distinguished-name-pdn) | [polyproto Distinguished Name](#6111-polyproto-distinguished-name-pdn) | Issuer Name |
520+
| Correctly formatted Name attribute, according to [#6.1.1.1](#6111-polyproto-distinguished-name-pdn) | [polyproto Distinguished Name](#6111-polyproto-distinguished-name-pdn) | Subject Name |
521+
| A unique identifier for the certificate, used by the CA to identify this certificate. | Must be unique across all certificates issued by a home server. | Serial Number |
522+
| The algorithm used to sign the certificate. | | Certificate Signature Algorithm & Signature Algorithm ID |
523+
| The signature of the certificate, generated by using the home servers' private identity key. | | Certificate Signature |
524+
| The expiry date of the certificate. | Time must not be after expiry date of the home server's root certificate | Validity period: Not After |
525+
| Certificate validity period starting date | Time must not be before the home server's root certificate was generated | Validity period: Not Before |
526+
| X.509 Version Number (v3) | polyproto only uses Version 3 X.509 certificates. | Version Number |
527+
| The public identity key of the client. | | Subject Public Key Info: Subject Public Key |
528+
| The public key algorithm used to generate the client's public identity key. | | Subject Public Key Info: Public Key Algorithm |
529+
| The session ID of the client. | No two valid certificates for one session ID can exist. Session IDs have to be unique per actor. | Subject Unique Identifier |
530+
| Extensions | [Extensions and Constraints](#6112-extensions-and-constraints) | Extensions |
528531

529532
##### 6.1.1.1 polyproto Distinguished Name (`pDN`)
530533

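Review bot: The added "Subject Name" row (line 520+) does not resolve the removed TODO, because the "Issuer Name" row (line 519+) keeps the identical description, so the table still reads as if the actor's `pDN` belongs in the issuer field as well. The issuer of an ID-Cert is the home server acting as CA, so the Issuer Name row should describe the home server's name and, if it is also a `pDN`, say so and state how a verifier distinguishes it from the subject's `pDN` (for example by the constraint that the issuer name must match the name in the home server's root certificate). Without that, a verifier has no stated rule for checking the issuer field, and the subject/issuer mix-up the TODO flagged can reappear in implementations. Minor: the "Session ID" row now says "unique per actor" (line 529+), which is consistent with the rest of the hunk; the `Subject Unique Identifier` mapping is worth a note in the spec, since RFC 5280 conforming CAs are required not to generate certificates with unique identifiers, so off-the-shelf X.509 libraries may not expose or validate that field.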