@aarongable (Contributor) commented Sep 8, 2025

Add a new page to the website with the sole purpose of documenting what OIDs even are, and the OIDs we've allocated under our 1.3.6.1.4.1.44947 arc.

One of these OIDs, namely 1.3.6.1.4.1.44947.1.1.1 "ISRG Domain Validated", has existed for a long time but was never explicitly documented and is no longer in use.

The rest of these OIDs, namely those under the new 1.3.6.1.4.1.44947.1.2 "Issuers" arc, are brand new. We're allocating them for the purpose of being used in the "Trust Anchor Identifiers" and "Merkle Tree Certificates" internet drafts, which use OIDs as a way to compress references to CA keypairs and certificates. See https://datatracker.ietf.org/doc/draft-ietf-tls-trust-anchor-ids/ and https://datatracker.ietf.org/doc/draft-davidben-tls-merkle-tree-certs/ for more details.

Fixes #2028
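As an added illustration of why an OID works as a compact reference (example code, not from this PR or the letsencrypt/website repository), the arc above serializes to a handful of bytes: the first two arcs collapse into one byte and 44947 needs three base-128 bytes. The relative-OID contents form is, on my reading of the Trust Anchor Identifiers draft, the binary trust anchor ID; treat that mapping as an assumption.

```python
"""DER encode/decode for the OIDs under the 1.3.6.1.4.1.44947 arc."""


def _base128(n: int) -> bytes:
    """Big-endian base-128 digits; high bit set on every byte but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def encode_relative_oid_contents(dotted: str) -> bytes:
    """Contents octets of a RELATIVE-OID: every arc encoded on its own.
    Assumption: this is the binary trust anchor ID form used by the TAI draft."""
    return b"".join(_base128(int(a)) for a in dotted.split("."))


def encode_oid_der(dotted: str) -> bytes:
    """Full DER OBJECT IDENTIFIER (tag 0x06); first two arcs combine as 40*a+b."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length not handled")
    return bytes([0x06, len(body)]) + body


def decode_oid_der(der: bytes) -> str:
    """Inverse of encode_oid_der; rejects truncated or non-minimal encodings."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OID")
    arcs, n = [], 0
    for b in der[2:]:
        if n == 0 and b == 0x80:          # leading 0x80 would be a padded arc
            raise ValueError("non-minimal arc encoding")
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            if not arcs:
                first = 2 if n >= 80 else n // 40
                arcs += [first, n - 40 * first]
            else:
                arcs.append(n)
            n = 0
    if n:
        raise ValueError("truncated arc")
    return ".".join(map(str, arcs))
```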

@aarongable aarongable force-pushed the oid-doc branch 2 times, most recently from cb9a9ce to a568695 Compare September 8, 2025 22:44
@mcpherrinm (Contributor)
One thing we did on the CT logs page is use a JSON file of the actual data, and then template it in, so that we don't have as much translation lift.

Should we do that here, too? (I'd also like to do it on the Certificates page)

@aarongable (Contributor, Author) commented Sep 8, 2025

Yeah, it's a good idea. For now I'm just playing with presentation and layout. If this deeply-nested bulleted list looks terrible, I want to figure that out now.

Unfortunately we don't have a way to combine markdown and templating.

@mcpherrinm (Contributor)
Oof, yeah, then let's just do Markdown. I expect this page won't drift too much.

As for how it looks, I think the ever-lengthening nature of OIDs makes a more natural way to see the structure, and I'd be inclined to use a two-column table instead of a list.

@mcpherrinm (Contributor)
I've tried out a table with monospaced OIDs at https://github.com/mcpherrinm/website/tree/mattm-oid-table and I think it might be a bit easier to comprehend, but I'm not sure it's still the best possible.

@aarongable aarongable marked this pull request as ready for review September 25, 2025 00:23
@aarongable (Contributor, Author)
I think the table, using <code> and <b> for the OIDs, ends up looking pretty good as rendered by our website:

[screenshot of the deploy preview at deploy-preview-2034--letsencrypt.netlify.app/docs/oids/]

I'm marking this as Ready for Review. At this point I think the two big things to check are:

  1. Are these the OID assignments we want to use?
  2. Have I made any typos / mis-alignments between the new oids page and the certificates page?

@pgporada (Member)
When we accept and merge this, I'll see about adding these OIDs as children to https://oid-base.com/cgi-bin/display?oid=1.3.6.1.4.1.44947&a=display

* Certificate details (self-signed): [crt.sh](https://crt.sh/?id=9314791), [der](/certs/isrgrootx1.der), [pem](/certs/isrgrootx1.pem), [txt](/certs/isrgrootx1.txt)
* Certificate details (cross-signed by DST Root CA X3): [crt.sh](https://crt.sh/?id=3958242236), [der](/certs/isrg-root-x1-cross-signed.der), [pem](/certs/isrg-root-x1-cross-signed.pem), [txt](/certs/isrg-root-x1-cross-signed.txt) (retired)
* Test websites: [valid](https://valid-isrgrootx1.letsencrypt.org/), [revoked](https://revoked-isrgrootx1.letsencrypt.org/), [expired](https://expired-isrgrootx1.letsencrypt.org/)
* OID: 1.3.6.1.4.1.44947.1.2.1
Review comment (Member) on the lines above: This page needs a lastmod update.

Linked issue: Assign OIDs to our trust anchors for Photosynthesis