2.2.5 X.509 Usage

PNRP defines several X.509 certificate extensions (see [MS-PNRP] section 2.2.3.5), and also defines certificate chain validation rules (see [MS-PNRP] section 2.2.3.5). All certificates and certificate chains used in P2P Grouping MUST follow the PNRP rules, with some additional constraints described below.

The following figure shows the required fields for each certificate type.

Figure 2: Required fields for each certificate type

szOID_PEERNET_CERT_TYPE: P2P Grouping certificate types map to PnrpCertificateTypes ([MS-PNRP] section 2.2.3.5.1.1) as follows.

  Value                          Meaning
  certTypeMember (0x00000001)    This value MUST be used for a Group Membership Certificate (GMC).
  certTypeRoot (0x00000002)      This value MUST be used for a Group Root Certificate (GRC).
  certTypeIdentity (0x00000003)  This value MUST be used for an IDC.

szOID_SUBJECT_ALT_NAME: As defined in [MS-PNRP] section 2.2.3.5.1.

szOID_ISSUER_ALT_NAME: As defined in [MS-PNRP] section 2.2.3.5.1.

szOID_PEERNET_GROUPING_PEERNAME:

  OID:          1.3.6.1.4.1.311.44.3.1
  Usage:        The PeerName of the Group
  Description:  The PnrpPeerName extension ([MS-PNRP] section 2.2.3.5.1.3) is used to store the Peer Name of the Group to which the certificate belongs. This extension is used to validate the certificate and the certificate chain for a Group, as specified in sections 2.2.5.2 and 2.2.5.2.

szOID_PEERNET_IDENTITY_FLAGS:

  OID:          1.3.6.1.4.1.311.44.2.2
  Usage:        Flags associated with the Group
  Description:  A DWORD value representing the Flags associated with the IDC. This value MUST be 0.

szOID_PEERNET_GROUPING_FLAGS:

  OID:          1.3.6.1.4.1.311.44.3.2
  Usage:        Flags associated with the Group
  Description:  A DWORD value representing the Flags associated with a GRC or a GMC. This value MUST be 0.

szOID_PEERNET_GROUPING_ROLES:

  OID:          1.3.6.1.4.1.311.44.3.3
  Usage:        List of roles associated with the Group Peer Name
  Description:  A list of roles, as specified in [MS-PNRP] section 2.2.3.5.1.4.

szOID_PEERNET_GROUPING_CLASSIFIERS:

  OID:          1.3.6.1.4.1.311.44.3.5
  Usage:        List of allowed classifiers for the Group Peer Name
  Description:  A list of allowed classifiers, as specified in [MS-PNRP] section 2.2.3.5.1.5.
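The checks this section imposes on top of PNRP chain validation, as an added example that is not part of [MS-PPGRH] or any Microsoft implementation: it takes raw extension values keyed by OID (as pulled from a parsed certificate) and reports violations of the cert-type mapping and the "MUST be 0" flag rules. It assumes the DWORD values are carried as 4 little-endian bytes, uses a labelled placeholder for the szOID_PEERNET_CERT_TYPE OID (defined in [MS-PNRP], not on this page), and assumes a GRC or GMC must carry the Group Peer Name extension since Figure 2 is not reproduced here.

```python
import struct

# OIDs from this section. The OID of szOID_PEERNET_CERT_TYPE is defined in
# [MS-PNRP] 2.2.3.5.1.1, not on this page, so it is a labelled placeholder.
OID_CERT_TYPE = "PLACEHOLDER-OID-szOID_PEERNET_CERT_TYPE"
OID_TO_NAME = {
    OID_CERT_TYPE: "szOID_PEERNET_CERT_TYPE",
    "1.3.6.1.4.1.311.44.3.1": "szOID_PEERNET_GROUPING_PEERNAME",
    "1.3.6.1.4.1.311.44.2.2": "szOID_PEERNET_IDENTITY_FLAGS",
    "1.3.6.1.4.1.311.44.3.2": "szOID_PEERNET_GROUPING_FLAGS",
    "1.3.6.1.4.1.311.44.3.3": "szOID_PEERNET_GROUPING_ROLES",
    "1.3.6.1.4.1.311.44.3.5": "szOID_PEERNET_GROUPING_CLASSIFIERS",
}
CERT_TYPES = {0x1: "GMC", 0x2: "GRC", 0x3: "IDC"}  # PnrpCertificateTypes mapping
FLAG_EXTS = ("szOID_PEERNET_IDENTITY_FLAGS", "szOID_PEERNET_GROUPING_FLAGS")


def _dword(raw: bytes) -> int:
    # Assumption: DWORD extension values arrive as 4 bytes, little-endian.
    if len(raw) != 4:
        raise ValueError(f"expected a 4-byte DWORD, got {len(raw)} bytes")
    return struct.unpack("<I", raw)[0]


def check_grouping_extensions(exts: dict) -> tuple:
    """Apply this section's constraints to raw extension values keyed by OID.
    Returns (cert type name or "", violations); it does not replace PNRP chain validation.
    """
    named = {OID_TO_NAME.get(oid, oid): raw for oid, raw in exts.items()}
    problems = []
    if "szOID_PEERNET_CERT_TYPE" not in named:
        return "", ["szOID_PEERNET_CERT_TYPE missing"]
    try:
        cert_type = CERT_TYPES.get(_dword(named["szOID_PEERNET_CERT_TYPE"]), "")
    except ValueError as exc:
        return "", [f"szOID_PEERNET_CERT_TYPE: {exc}"]
    if not cert_type:
        problems.append("szOID_PEERNET_CERT_TYPE is not certTypeMember/Root/Identity")
    for name in FLAG_EXTS:  # both flag extensions MUST be 0 when present
        if name in named:
            try:
                if _dword(named[name]) != 0:
                    problems.append(f"{name} MUST be 0")
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
    # Assumption: a GRC or GMC is validated against its Group's Peer Name and so
    # must carry szOID_PEERNET_GROUPING_PEERNAME (Figure 2 is not reproduced here).
    if cert_type in ("GRC", "GMC") and "szOID_PEERNET_GROUPING_PEERNAME" not in named:
        problems.append(f"szOID_PEERNET_GROUPING_PEERNAME missing on {cert_type}")
    return cert_type, problems
```

A certificate that passes these checks still has to satisfy the PNRP chain validation rules of [MS-PNRP] section 2.2.3.5 before it is accepted.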