You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Oct 28, 2018. It is now read-only.
* Changes in crypto-conditions.md:
* Clarify ordering of all parameters in condition URIs
* Add examples for parameter ordering in condition URIs
* Fix broken parser values in author’s portion of “NIST - Recommendation for Key Management”
* Add special formatting to URI parameter names like `fmt` and `cost`, etc.
* Changes in README.md
* Fix typo in grunt kramdown command.
title: OpenSSL - X509 certificate examples for testing and verification
113
128
target: http://fm4dd.com/openssl/certexamples.htm
@@ -859,21 +874,34 @@ While [RFC6920](#RFC6920) allows for truncated hashes, implementations using the
859
874
860
875
### Parameter: Fingerprint Type (fpt)
861
876
862
-
The type parameter indicates the type of condition that is represented by the URI. The value MUST be one of the names from the [Crypto-Condition Type Registry](#crypto-conditions-type-registry).
877
+
The `type` parameter indicates the type of condition that is represented by the URI. The value MUST be one of the names from the [Crypto-Condition Type Registry](#crypto-conditions-type-registry).
863
878
864
879
### Parameter: Cost (cost)
865
880
866
881
The cost parameter is the cost of the condition that is represented by the URI.
867
882
868
883
### Parameter: Subtypes (subtypes)
869
884
870
-
The subtypes parameter indicates the types of conditions that are subtypes of the condition represented by the URI. The value MUST be a comma seperated list of names from the [Crypto-Condition Type Registry](#crypto-conditions-type-registry).
885
+
The subtypes parameter indicates the types of conditions that are subtypes of the condition represented by the URI. The value MUST be a comma-separated list of names from the [Crypto-Condition Type Registry](#crypto-conditions-type-registry).
871
886
872
-
The list MUST exclude the type of the root crypto-condition. i.e. The value of the fpt parameter should not appear in the list of types provided as the value of the subtypes parameter.
887
+
The subtypes list MUST exclude the type of the root crypto-condition. Specifically, the value of the `fpt` parameter should not appear in the list of subtypes.
873
888
874
-
The list MUST be ordered by the type id value of each type, in ascending order. i.e. preimage-sha-256 MUST appear before prefix-sha-256.
889
+
For example, if a threshold condition contains another threshold condition as well as a prefix condition, then its URI query parameters would appear like this:
875
890
876
-
The commas in the list should be treated as reserved characters per [RFC3986](#RFC3986)and not be percent encoded when used as list delimiters in the subtypes parameter.
Notice that the `subtypes` parameter does not contain `threshold-sha-256` because that type is already indicated in the `fpt` parameter.
894
+
895
+
The commas in the list should be treated as reserved characters per [RFC3986](#RFC3986) and MUST not be percent encoded when used as list delimiters in the subtypes parameter.
896
+
897
+
#### Subtype Parameter Value Ordering
898
+
899
+
The subtypes list MUST be ordered by the type id value of each type, in ascending lexicographical order. That is, `preimage-sha-256` MUST appear before `prefix-sha-256`, which MUST appear before `threshold-sha-256`, and so on.
900
+
901
+
## Condition URI Parameter Ordering
902
+
903
+
The parameters of a condition URI MUST appear in ascending lexicographical order based upon the
904
+
name of each parameter. For example, the `cost` parameter must appear before the `fpt` parameter, which must appear before the `subtypes` parameter.
0 commit comments