On 31/08/2015 10:13, Erik Andersen wrote:
I never got a reaction to this:
---------------------------------------------------
If one instead of using the role attribute type define in X.509 uses an
extension specified for that purpose and thereby assigns privileges to a
public-key certificate without the use of the subjectDirectoryAttributes
extension, is this a violation of X.509?
Does it prevent the use of some
of the extensions defined in Section 3 otherwise only allowed if the
subjectDirectoryAttributes extension is included?
-----
It is not a theoretical question. IEC 62351-8 defines such a role
extension. As it published in 2011 and as it is a key smart grid
security specification, it is probably implemented in a lot of systems.
It will be used in the Danish grid (whether I like it or not).
Regards,
Erik