Metadata Distribution Subcommittee of TAC

[Tom Scavo <>]

IJ has constructed a new self-signed signing certificate for your
review (see below). The certificate itself is signed with SHA-256 (not
a big deal, but why not?). The main question I have are the DNs. You
can see what we've chosen in the output below. Is there some strategy
to choosing something else? If so, I'm not seeing it.

Any comments you have at this point would be appreciated.

Thanks,

Tom and IJ

$ openssl x509 -text -in ~/Desktop/md.incommon.org/fedop.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f0:10:31:32:05:89:0c:5c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fedop.incommonfederation.org
        Validity
            Not Before: Dec 11 20:43:46 2013 GMT
            Not After : Dec 18 20:43:46 2037 GMT
        Subject: CN=fedop.incommonfederation.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:d0:28:5d:92:b9:fe:74:6e:59:8f:92:f7:50:8c:
                    3e:c5:e5:a0:37:39:bc:6a:3c:3b:fc:5c:aa:45:0d:
                    52:8c:3e:0b:7e:0d:96:09:d9:5f:8c:ea:d8:18:d9:
                    d5:64:c0:93:7c:8b:68:5d:34:a9:83:8a:d7:c4:74:
                    2c:ca:47:8d:89:84:6e:db:ed:36:b8:c4:be:d6:99:
                    c1:a9:68:f3:74:f2:44:d2:87:7e:ab:c1:1b:76:f1:
                    3a:4a:18:a6:8f:23:67:d3:24:1f:1b:24:0a:08:d7:
                    58:b9:cf:bb:e4:c2:07:b1:a2:0e:00:4b:43:65:44:
                    93:f5:27:78:a1:e5:35:cd:18:d5:da:c1:af:51:df:
                    89:14:7b:de:50:08:51:73:46:fe:24:46:5f:20:4b:
                    aa:fc:b2:14:f6:ac:66:ff:e8:05:69:ac:25:9a:88:
                    d9:3f:23:96:67:52:65:b3:06:eb:ac:96:18:ca:7d:
                    74:aa:09:c9:be:38:7d:81:95:97:2a:39:8f:c6:ab:
                    c7:28:97:00:4c:f8:40:87:68:16:19:a6:d6:4d:70:
                    49:09:c9:0c:7b:58:6b:1c:29:7f:bd:b0:cb:0a:6c:
                    f4:fe:86:2e:a1:a4:83:cc:fe:b3:13:d6:12:03:fc:
                    42:a6:56:87:03:49:a8:0b:55:6c:d8:7e:4c:39:01:
                    a5:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:28:FD:60:B5:39:CD:0E:8A:EF:99:0F:81:5A:72:43:63:7F:94:FB
            X509v3 Authority Key Identifier:

keyid:E6:28:FD:60:B5:39:CD:0E:8A:EF:99:0F:81:5A:72:43:63:7F:94:FB

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
        ba:60:b3:16:58:52:a3:fb:3a:e1:8e:0b:9b:d3:5b:0e:76:05:
        fa:c6:b0:ec:58:fb:60:d6:16:cb:c4:b6:14:25:a6:31:13:e5:
        e8:61:e4:d3:65:94:20:b8:0c:86:00:e0:a7:be:2d:ff:d5:d6:
        c2:43:31:8b:cd:89:79:84:ef:03:0c:f2:29:ee:d9:5d:1e:18:
        0f:5a:e2:80:a1:f3:1d:ab:92:01:5e:24:6e:2e:d2:11:72:3d:
        d1:e8:56:2a:4e:ef:07:27:7d:04:85:7e:b1:7d:8f:38:d3:d8:
        db:36:f1:50:1c:4e:00:2a:38:c5:86:db:d5:c3:91:71:27:c9:
        c6:cd:da:26:e4:0c:89:a8:17:b5:03:ec:b9:82:5d:52:ae:4d:
        77:60:ee:ff:41:4b:91:e8:f0:de:81:4c:c4:0a:13:ce:9f:3d:
        de:76:3f:fa:d4:26:ee:63:e3:3f:52:a5:91:bf:91:e5:39:30:
        b4:75:f9:4d:bc:55:0f:81:44:b5:91:85:e4:2b:18:89:0a:8e:
        cc:75:22:23:75:8d:37:4e:8f:e7:16:70:cb:30:48:a5:9b:ef:
        c2:c2:d7:7e:81:74:c3:ce:a6:2c:1d:67:ee:04:44:c0:cc:5b:
        43:f1:36:6e:bd:9f:ea:b9:7b:8d:0b:f1:f7:c6:5b:05:4f:38:
        67:1a:64:44
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAPAQMTIFiQxcMA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV
BAMMHGZlZG9wLmluY29tbW9uZmVkZXJhdGlvbi5vcmcwHhcNMTMxMjExMjA0MzQ2
WhcNMzcxMjE4MjA0MzQ2WjAnMSUwIwYDVQQDDBxmZWRvcC5pbmNvbW1vbmZlZGVy
YXRpb24ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAumCzFlhSo/s64Y4Lm9NbDnYF+saw7Fj7YNYW
y8S2FCWmMRPl6GHk02WUILgMhgDgp74t/9XWwkMxi82JeYTvAwzyKe7ZXR4YD1ri
gKHzHauSAV4kbi7SEXI90ehWKk7vByd9BIV+sX2PONPY2zbxUBxOACo4xYbb1cOR
cSfJxs3aJuQMiagXtQPsuYJdUq5Nd2Du/0FLkejw3oFMxAoTzp893nY/+tQm7mPj
P1Klkb+R5TkwtHX5TbxVD4FEtZGF5CsYiQqOzHUiI3WNN06P5xZwyzBIpZvvwsLX
foF0w86mLB1n7gREwMxbQ/E2br2f6rl7jQvx98ZbBU84ZxpkRA==
-----END CERTIFICATE-----