Dsr cp/cps version 11 Effective Date: November 18, 2022
Download 0,58 Mb. Pdf ko'rish
|
Microsoft DSR PKI CP-CPS for TLS Ver 2.11 November 2022
|
Signature Algorithm
OID ASN.1 Status sha256WithRSAEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs- 1(1) sha256WithRSAEncryption(11)} Acceptable sha384WithRSAEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs- 1(1) sha384WithRSAEncryption(12)} Acceptable sha512WithRSAEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs- 1(1) sha512WithRSAEncryption(13)} Acceptable Certificates created with deprecated signature algorithms adhere to all the requirements of this CP/CPS with the exception that the Certificate is generated with deprecated signature algorithm. Certificates issued under this CP/CPS shall use the following OIDs to identify the algorithm associated with the subject key: rsaEncryption {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1} 7.1.4 Name Forms Issuing CA and Subscriber Certificates are populated in accordance with Certificate profiles listed in § 7.1. 7.1.4.1 Name Encoding Effective 2020-09-30, the following requirements SHOULD be met by all newly-issued Subordinate CA Certificates that are not used to issue TLS certificates, as defined in Section 7.1.2.2, and MUST be met for all other Certificates, regardless of whether the Certificate is a CA Certificate or a Subscriber Certificate. For every valid Certification Path (as defined by RFC 5280, Section 6): • For each Certificate in the Certification Path, the encoded content of the Issuer Distinguished Name field of a Certificate SHALL be byte-for-byte identical with the encoded form of the Subject Distinguished Name field of the Issuing CA certificate. 7.1.5 Name Constraints No additional stipulation other than § 7.1. 7.1.6 Certificate Policy Object Identifier The DSR PKI CP/CPS will use a Policy Identifier of 1.3.6.1.4.1.311.42.1 in all Certificates it issues from the effective date of this version of the CP/CPS. 7.1.7 Usage of Policy Constraints Extension The DSR PKI CP/CPS will be hot linked from the Certificate Policies in all Certificates it issues from the publication of this version of the CP/CPS. 7.1.8 Policy Qualifiers Syntax and Semantics No stipulation. 7.1.9 Processing Semantics for the Critical Certificate Policies No stipulation. 7.2 CRL Profile The following CRL profile is used by Issuing CAs within the DSR TLS CA hierarchy. Download 0,58 Mb. Do'stlaringiz bilan baham: 
|