Error in "Example IEEE 802.1AR profiled X.509 Certificate" #181

Closed
xipki opened this issue Apr 23, 2024 · 4 comments

@xipki
Contributor

xipki commented Apr 23, 2024

In the current GitHub version of draft-ietf-cose-cbor-encoded-cert.md, Section "Example IEEE 802.1AR profiled X.509 Certificate":

  1. The textual (openssl) output of the X.509 certificate does not match the Hex encoded X.509 certificate. The textual output has the hardwareModule type 1.3.6.1.4.1.7.**6175**.10.1, but the hex certificate has the type 1.3.6.1.4.1.7.**6715**.10.1.
  2. The textual and hex representation of the C509 certificate have the type 1.3.6.1.4.1.7.**6175**.10.1.
  3. The C509 certificate still has the issuerSignatureAlgorithm at the position as in draft -09 (before issuerSignatureValue).

@gselander
Collaborator

gselander commented Dec 13, 2024

  1. The text output of the X.509 is actually 1.3.6.1.4.1.6175.10.1, not 1.3.6.1.4.1**.7**.6175.10.1, but you are right that it is different from the hex certificate type 1.3.6.1.4.1.6715.10.1.
  2. The text and hex representation of the C509 is 1.3.6.1.4.1.6175.10.1 and should be 1.3.6.1.4.1.6715.10.1
  3. Agreed, this was fixed in -11.

Changes needed in Appendix A.2:

OLD
hwType: 1.3.6.1.4.1.6175.10.1
NEW
hwType: 1.3.6.1.4.1.6715.10.1

OLD
3, [-1, [h'2B06010401B01F0A01', h'01020304']] / subjectAltName w. hard
NEW
3, [-1, [h'2B06010401B43B0A01', h'01020304']] / subjectAltName w. hard

OLD
5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03
NEW
5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B4 3B 0A 01 44 01 02 03

We also need to replace the signature value.

(we should also fix the printout of the comment "/ subjectAltName w. hard")
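
The OLD/NEW byte strings above can be checked against the dotted hwType values by decoding the DER OBJECT IDENTIFIER content octets. The following is an added example, not code from the draft or from the participants; the function names are illustrative, and the hex values are copied from the OLD/NEW lines in this comment.

```python
# Added example: compare the dotted hwType OIDs with the hex in the thread.

def decode_oid(content: bytes) -> str:
    """Decode DER OBJECT IDENTIFIER content octets (no tag/length) to dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID encoding")
    arcs, value, at_start = [], 0, True
    for octet in content:
        if at_start and octet == 0x80:
            raise ValueError("non-minimal sub-identifier (leading 0x80)")
        value = (value << 7) | (octet & 0x7F)   # 7 payload bits per octet
        at_start = False
        if not octet & 0x80:                    # high bit clear: last octet of arc
            arcs.append(value)
            value, at_start = 0, True
    first = arcs[0]                             # first octet group packs 40*X + Y
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID string to DER content octets (no tag/length)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]                    # lowest 7 bits, no continuation bit
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))   # higher groups carry the high bit
            sub >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def dump_contains(dotted: str, hex_dump: str) -> bool:
    """True if the encoded OID occurs in a (possibly partial) hex dump line."""
    return encode_oid(dotted) in bytes.fromhex(hex_dump)

# Values copied from the OLD/NEW lines in the thread (dump lines are partial).
OLD_OID_HEX = "2B06010401B01F0A01"
NEW_OID_HEX = "2B06010401B43B0A01"
OLD_DUMP = "5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B0 1F 0A 01 44 01 02 03"
NEW_DUMP = "5B 11 60 21 05 03 82 20 82 49 2B 06 01 04 01 B4 3B 0A 01 44 01 02 03"

if __name__ == "__main__":
    for label, hx in (("OLD", OLD_OID_HEX), ("NEW", NEW_OID_HEX)):
        print(label, hx, "->", decode_oid(bytes.fromhex(hx)))
    print("NEW dump carries 6715 OID:", dump_contains("1.3.6.1.4.1.6715.10.1", NEW_DUMP))
```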

@gselander
Collaborator

gselander commented Jan 7, 2025

Remains to replace signature value.

EDIT: No need to recalculate signature value, as this is a type 3 certificate - not natively signed - so the signature in the C509 is the same as in the X.509, which was made over the correct PEN: 6715.

So we are done. I remove the editor's note.

@gselander
Collaborator

@xipki Can we close this?

@gselander gselander added close? and removed needs PR labels Jan 8, 2025
@xipki
Contributor Author

xipki commented Jan 8, 2025

> @xipki Can we close this?

Yes. Thanks!
