Skåne Sjælland Linux User Group - http://www.sslug.dk

Re: Re: [SIGNATUR] Task under way?



Hi Mads

I am sorry that I have not replied sooner, but work has "exploded" in my
hands over the last 14 days - and my family is entitled to have me present
once in a while - so .....

Anna has got hold of the right end of this, and a test system is exactly
what I want to use - but the requirement for a test system is that there
must be no way to mistake a test certificate - which only works
technically - for a certificate where the procedures have been followed.
Unfortunately, the person responsible for the test system had made a test
root certificate that resembles the real one so closely that one could
mistake it - so I do not dare issue test certificates that are to be used
outside the building with this test root certificate. He had promised to
sort it out tomorrow (for the last 14 days); but it has not been done
yet ;-( and now he has gone on 3 weeks' holiday.....

As a matter of fact, I did make a certificate from Mads's request, so it is
no more "wrong" than that it works technically. But there are a number of
fields in the request that are not filled in, so it is "just" a matter of
comparing with the example I gave in an earlier mail in order to fill in
the missing fields. If you sent it into our production system it would
"simply" be ignored (unless there is a programming error ;.).

I will try to get a certificate made that I can send to you, but it will
probably take another week..

I am attaching an ASN.1 interpretation of the certificate that was made, so
you can see what it turned into, and my own certificate (prod. version) in
the same format. But as I said ....


Regards, Jørn

Mads's cert:

SEQUENCE [879]
	SEQUENCE [599]
		[CONTEXT SPECIFIC 0] [3]
			INTEGER [1] ( 02 )
		INTEGER [4] ( <"ÍE )
		SEQUENCE [13]
			OBJECT IDENTIFIER [9]( 1.2.840.113549.1.1.5 - UNKNOWN OBJECT IDENTIFIER )
			NULL [0] ( )
		SEQUENCE [54]
			SET [11]
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.4.6 - countryName )
					PrintableString [2] ( DK )
			SET [12]
				SEQUENCE [10]
					OBJECT IDENTIFIER [3]( 2.5.4.10 - organizationName )
					PrintableString [3] ( uss )
			SET [12]
				SEQUENCE [10]
					OBJECT IDENTIFIER [3]( 2.5.4.11 - UNKNOWN OBJECT IDENTIFIER )
					PrintableString [3] ( kmd )
			SET [11]
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.4.3 - commonName )
					PrintableString [2] ( ca )
		SEQUENCE [30]
			UTCTime [13] ( 020305135101Z )
			UTCTime [13] ( 030305135101Z )
		SEQUENCE [174]
			SET [11]
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.4.6 - countryName )
					PrintableString [2] ( DK )
			SET [41]
				SEQUENCE [39]
					OBJECT IDENTIFIER [3]( 2.5.4.10 - organizationName )
					PrintableString [32] ( Ingen organisatorisk tilknytning )
			SET [48]
				SEQUENCE [46]
					OBJECT IDENTIFIER [3]( 2.5.4.3 - commonName )
					PrintableString [39] ( Mads Bondo Dydensborg // PID:1122334455 )
			SET [33]
				SEQUENCE [31]
					OBJECT IDENTIFIER [9]( 1.2.840.113549.1.9.1 - UNKNOWN OBJECT IDENTIFIER )
					IA5String [18] ( sslug@sslug )
			SET [31]
				SEQUENCE [29]
					OBJECT IDENTIFIER [3]( 2.5.4.5 - UNKNOWN OBJECT IDENTIFIER )
					PrintableString [22] ( 9208-2001-1-1122334455 )
		SEQUENCE [159]
			SEQUENCE [13]
				OBJECT IDENTIFIER [9]( 1.2.840.113549.1.1.1 - rsaEncryption )
				NULL [0] ( )
			BIT STRING [141] ( 00 30 81 89 02 81 81 00 F9 EC 8B 1D 4B 33 90 28 62 E5 59 ... )
		[CONTEXT SPECIFIC 3] [143]
			SEQUENCE [140]
				SEQUENCE [14]
					OBJECT IDENTIFIER [3]( 2.5.29.15 - keyUsage )
					BOOLEAN [1] ( ÿ )
					OCTET STRING [4] ( 03 02 03 F8 )
				SEQUENCE [111]
					OBJECT IDENTIFIER [3]( 2.5.29.32 - certificatePolicies )
					OCTET STRING [104] ( 30 66 30 64 06 0A 2B 06 01 04 01 A1 0F 00 00 00 30 56 30 ... )
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.29.19 - basicConstraints )
					OCTET STRING [2] ( 30 00 )
	SEQUENCE [13]
		OBJECT IDENTIFIER [9]( 1.2.840.113549.1.1.5 - UNKNOWN OBJECT IDENTIFIER )
		NULL [0] ( )
	BIT STRING [257] ( 00 C3 5B 3E 9C A5 DA 65 A0 49 29 C1 BD D4 1A A3 8C C0 0A ... )



Jørn's cert:
SEQUENCE [1061]
	SEQUENCE [781]
		[CONTEXT SPECIFIC 0] [3]
			INTEGER [1] ( 02 )
		INTEGER [4] ( ;<­" )
		SEQUENCE [13]
			OBJECT IDENTIFIER [9]( 1.2.840.113549.1.1.5 - UNKNOWN OBJECT IDENTIFIER )
			NULL [0] ( )
		SEQUENCE [81]
			SET [11]
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.4.6 - countryName )
					PrintableString [2] ( DK )
			SET [12]
				SEQUENCE [10]
					OBJECT IDENTIFIER [3]( 2.5.4.10 - organizationName )
					PrintableString [3] ( KMD )
			SET [15]
				SEQUENCE [13]
					OBJECT IDENTIFIER [3]( 2.5.4.11 - UNKNOWN OBJECT IDENTIFIER )
					PrintableString [6] ( KMD-CA )
			SET [35]
				SEQUENCE [33]
					OBJECT IDENTIFIER [3]( 2.5.4.3 - commonName )
					PrintableString [26] ( KMD-CA Kvalificeret Person )
		SEQUENCE [30]
			UTCTime [13] ( 010828145124Z )
			UTCTime [13] ( 020828143148Z )
		SEQUENCE [192]
			SET [11]
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.4.6 - countryName )
					PrintableString [2] ( DK )
			SET [41]
				SEQUENCE [39]
					OBJECT IDENTIFIER [3]( 2.5.4.10 - organizationName )
					PrintableString [32] ( Ingen organisatorisk tilknytning )
			SET [40]
				SEQUENCE [38]
					OBJECT IDENTIFIER [3]( 2.5.4.3 - commonName )
					PrintableString [31] ( Joern Guldberg // PID:141159146 )
			SET [25]
				SEQUENCE [23]
					OBJECT IDENTIFIER [9]( 1.2.840.113549.1.9.1 - UNKNOWN OBJECT IDENTIFIER )
					IA5String [10] ( sslug@sslug )
			SET [17]
				SEQUENCE [15]
					OBJECT IDENTIFIER [3]( 2.5.4.4 - surname )
					PrintableString [8] ( Guldberg )
			SET [14]
				SEQUENCE [12]
					OBJECT IDENTIFIER [3]( 2.5.4.42 - givenName )
					PrintableString [5] ( Joern )
			SET [30]
				SEQUENCE [28]
					OBJECT IDENTIFIER [3]( 2.5.4.5 - UNKNOWN OBJECT IDENTIFIER )
					PrintableString [21] ( 9208-2001-1-141159146 )
		SEQUENCE [159]
			SEQUENCE [13]
				OBJECT IDENTIFIER [9]( 1.2.840.113549.1.1.1 - rsaEncryption )
				NULL [0] ( )
			BIT STRING [141] ( 00 30 81 89 02 81 81 00 B8 80 07 E0 46 3A 27 37 D1 4F 46 ... )
		[CONTEXT SPECIFIC 3] [279]
			SEQUENCE [275]
				SEQUENCE [14]
					OBJECT IDENTIFIER [3]( 2.5.29.15 - keyUsage )
					BOOLEAN [1] ( ÿ )
					OCTET STRING [4] ( 03 02 03 F8 )
				SEQUENCE [245]
					OBJECT IDENTIFIER [3]( 2.5.29.32 - certificatePolicies )
					OCTET STRING [237] ( 30 81 EA 30 81 E7 06 0A 2B 06 01 04 01 A1 0F 04 01 01 30 ... )
				SEQUENCE [9]
					OBJECT IDENTIFIER [3]( 2.5.29.19 - basicConstraints )
					OCTET STRING [2] ( 30 00 )
	SEQUENCE [13]
		OBJECT IDENTIFIER [9]( 1.2.840.113549.1.1.5 - UNKNOWN OBJECT IDENTIFIER )
		NULL [0] ( )
	BIT STRING [257] ( 00 BC E4 F3 49 84 5D 37 C8 3C 6A 1B E4 A8 96 B3 E6 5E F6 ... )

-----Original message-----
From: Mads Bondo Dydensborg [mailto:sslug@sslug
Sent: 16 March 2002 19:24
To: sslug@sslug
Subject: Re: Re: [SIGNATUR] Task under way?


On 16 Mar 2002, Anna Jonna Armannsdottir wrote:

> I think it would be better if KMD could create a dedicated test
> root certificate on a test server. That server can then be allowed to
> approve any request.
> That way, no test certificates are issued with an authentic KMD
> signature.
>
> In other words: create an unofficial test certificate.

Yes - either that, or we must do it the proper way. The other option
undermines the trust that we and others can have in kmd-ca.

I wish Jørn would get back soon with more information about what was
wrong.

Mads

-- 
Mads Bondo Dydensborg.                               sslug@sslug
The underlying assumption is closer to "if you are hiding something, you
may have reason to be hiding something, and since we don't know what you're
hiding, we are therefore unable to trust you". *THAT* is why it's so
important that encryption methods be open, and known vulnerabilities be
listed.
                               - Luc "Jude the Secure" French
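
Added example (not part of the original mail or of the KMD systems it describes): a small Python DER reader that decodes the first policy OID from the certificatePolicies bytes and the keyUsage bits printed in the two dumps above, two of the fields a relying party can compare when telling a test certificate from a production one. The function names are illustrative, and the byte strings are retyped from the dumps, which cut the policy values off with "...".

```python
# Sample input: the leading extension bytes as printed in the two dumps above.
MADS_POLICIES = bytes.fromhex("30 66 30 64 06 0A 2B 06 01 04 01 A1 0F 00 00 00 30 56 30")
JOERN_POLICIES = bytes.fromhex("30 81 EA 30 81 E7 06 0A 2B 06 01 04 01 A1 0F 04 01 01 30")
KEY_USAGE = bytes.fromhex("03 02 03 F8")  # identical in both certificates
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]  # RFC 5280 bit order

def read_header(buf, pos):
    """Return (tag, length, value_offset) of the DER TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: length in one byte
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def first_policy_oid(ext_value):
    """Descend through nested SEQUENCEs and return the first complete OID."""
    pos = 0
    while pos + 2 <= len(ext_value):
        tag, length, start = read_header(ext_value, pos)
        if tag == 0x06 and start + length <= len(ext_value):
            return decode_oid(ext_value[start:start + length])
        pos = start if tag == 0x30 else start + length
    raise ValueError("no complete OID found")

def key_usage(ext_value):
    """Return the names of the bits set in a DER keyUsage BIT STRING."""
    tag, length, start = read_header(ext_value, 0)
    if tag != 0x03:
        raise ValueError("not a BIT STRING")
    bits = ext_value[start + 1:start + length]  # byte at start = unused-bit count
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))]
```

The two policy values decode to different OIDs under the same prefix, while the keyUsage value is the same in both certificates.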


Last modified 2005-08-10, 20:33 CEST