2.2.3.5.1 Certificate Extensions
As specified in [RFC2459] section 4.2, certificates can carry Certificate Extensions, where each extension consists of an object identifier (OID), a criticality flag, and an ASN.1 structure. PNRP places additional constraints on several of the standard extensions defined in [RFC2459], as follows.
The SubjectAltName ([RFC2459] section 4.2.1.7) and IssuerAltName ([RFC2459] section 4.2.1.8) MUST be Unicode strings and MUST NOT be longer than 255 characters.
For use in certificate extensions, PNRP defines the following OID values.
id-microsoft OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) }

id-microsoftp2p OBJECT IDENTIFIER ::= { id-microsoft 44 }

id-microsoftp2pgeneral OBJECT IDENTIFIER ::= { id-microsoftp2p 0 }

id-microsoftp2ppnrp OBJECT IDENTIFIER ::= { id-microsoftp2p 3 }
PNRP specifies the following additional certificate extensions. All of the following properties are "critical" (as specified in [RFC2459] section 4.2), which means that if the receiver does not understand a critical property, it MUST reject that certificate.
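As an added illustration (not part of the protocol specification), the following Python resolves the OID arcs defined above into dotted and DER form and applies the two receiver-side rules this section states: a certificate with an unrecognised critical extension is rejected, and a SubjectAltName or IssuerAltName longer than 255 characters is rejected. The KNOWN_EXTENSIONS set and the (oid, critical, value) tuple layout are assumptions; the specific extension OIDs defined under id-microsoftp2ppnrp are not listed on this page, so the two arcs above stand in for them.

```python
# Added example, not from the MS-PNRP specification.
# Arcs copied from the ASN.1 definitions above.
ID_MICROSOFT = (1, 3, 6, 1, 4, 1, 311)
ID_MICROSOFTP2P = ID_MICROSOFT + (44,)
ID_MICROSOFTP2PGENERAL = ID_MICROSOFTP2P + (0,)
ID_MICROSOFTP2PPNRP = ID_MICROSOFTP2P + (3,)


def dotted(oid):
    """Render an arc tuple as the usual dotted string, e.g. 1.3.6.1.4.1.311.44.3."""
    return ".".join(str(a) for a in oid)


def _base128(n):
    """Variable-length base-128 encoding used for OID arcs (high bit = more bytes)."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def der_oid(oid):
    """DER-encode an OID: tag 0x06, length, first two arcs merged as 40*a+b."""
    body = _base128(40 * oid[0] + oid[1])
    for arc in oid[2:]:
        body += _base128(arc)
    assert len(body) < 128  # short-form length suffices for these OIDs
    return bytes([0x06, len(body)]) + body


# Assumed set of extensions this receiver understands, keyed by dotted OID.
KNOWN_EXTENSIONS = {
    dotted(ID_MICROSOFTP2PGENERAL),
    dotted(ID_MICROSOFTP2PPNRP),
    "2.5.29.17",  # SubjectAltName (RFC 2459 section 4.2.1.7)
    "2.5.29.18",  # IssuerAltName  (RFC 2459 section 4.2.1.8)
}
ALT_NAME_OIDS = {"2.5.29.17", "2.5.29.18"}


def validate_extensions(extensions):
    """extensions: list of (dotted_oid, critical, value). Returns (ok, reason)."""
    for oid, critical, value in extensions:
        if oid not in KNOWN_EXTENSIONS:
            if critical:
                return False, f"unrecognised critical extension {oid}"
            continue  # unknown but non-critical: ignored, per RFC 2459
        if oid in ALT_NAME_OIDS:
            if not isinstance(value, str) or len(value) > 255:
                return False, f"alt name in {oid} is not a string of at most 255 characters"
    return True, "ok"
```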