Certificate Extensions

As specified in [RFC2459] section 4.2, there is a mechanism for creating Certificate Extensions, where each extension includes an object identifier (OID) and an ASN.1 structure. As specified in [RFC2459], there are several standard extensions for which PNRP uses additional constraints as follows.

The SubjectAltName ([RFC2459] section and IssuerAltName ([RFC2459] section MUST be Unicode strings and MUST NOT be longer than 255 characters.

For use in certificate extensions, PNRP defines the following OID values.

 id-microsoft OBJECT IDENTIFIER ::= 
            { iso (1) identified-organization(3) dod (6) internet(1)
              private(4) enterprise (1) microsoft(311) }
 id-microsoftp2p OBJECT IDENTIFIER ::= { id-microsoft 44 }
 id-microsoftp2pgeneral OBJECT IDENTIFIER ::= { id-microsoftp2p 0 }
 id-microsoftp2ppnrp OBJECT IDENTIFIER ::= { id-microsoftp2p 3 }
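
The arcs defined above resolve to dotted OIDs under 1.3.6.1.4.1.311.44, and a receiver matches them against the DER bytes carried in each certificate extension. The following Python is an added example, not part of the PNRP specification; the function and constant names are hypothetical, and it handles only short-form DER lengths.

```python
# Added example: arc values are taken from the ASN.1 definitions above.
ID_MICROSOFT = (1, 3, 6, 1, 4, 1, 311)
ID_MICROSOFT_P2P = ID_MICROSOFT + (44,)
ID_MICROSOFT_P2P_GENERAL = ID_MICROSOFT_P2P + (0,)
ID_MICROSOFT_P2P_PNRP = ID_MICROSOFT_P2P + (3,)

def dotted(arcs):
    return ".".join(str(a) for a in arcs)

def _base128(value):
    """One arc as base-128: high bit set on every byte except the last."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    return bytes(reversed(out))

def encode_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    body = _base128(40 * arcs[0] + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + body

def decode_oid(der):
    """Decode a DER OBJECT IDENTIFIER, rejecting malformed encodings."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OID")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("last arc is truncated")
    arcs, value, at_start = [], 0, True
    for b in body:
        if at_start and b == 0x80:
            raise ValueError("non-minimal arc encoding")  # DER forbids padding
        value = (value << 7) | (b & 0x7F)
        at_start = not (b & 0x80)
        if at_start:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first byte packs the first two arcs
    return (first, arcs[0] - 40 * first) + tuple(arcs[1:])

def in_p2p_arc(der):
    """True if the encoded OID lies under id-microsoftp2p."""
    return decode_oid(der)[:len(ID_MICROSOFT_P2P)] == ID_MICROSOFT_P2P
```

The enterprise arc 311 does not fit in seven bits, so it occupies two bytes (`82 37`) in the encoding; comparing decoded arcs rather than raw byte prefixes avoids accepting padded or truncated encodings.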

PNRP specifies the following additional certificate extensions. All of the following properties are "critical" (as specified in [RFC2459] section 4.2), which means that if the receiver does not understand a critical property, it MUST reject that certificate.