Internet Engineering Task Force (IETF)                       S. Krishnan
Request for Comments: 6730                                    J. Halpern
Category: Informational                                         Ericsson
ISSN: 2070-1721                                           September 2012
        
Internet Engineering Task Force (IETF)                       S. Krishnan
Request for Comments: 6730                                    J. Halpern
Category: Informational                                         Ericsson
ISSN: 2070-1721                                           September 2012
        

Requirements for IETF Nominations Committee Tools

IETF提名委员会工具的要求

Abstract

摘要

This document defines the requirements for a set of tools for use by the IETF Nominations Committee.

本文件规定了IETF提名委员会使用的一套工具的要求。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6730.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6730.

Copyright Notice

版权公告

Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................2
   2. Meta Requirement ................................................2
   3. Authentication ..................................................3
   4. Security and Access Control .....................................3
   5. Nominations .....................................................4
   6. Accepting and Declining Nominations .............................5
   7. Questionnaires ..................................................6
   8. Feedback Collection .............................................7
   9. Security Considerations .........................................8
   10. Acknowledgements ...............................................8
   12. Normative References ...........................................8
   Appendix A. Example for Key Generation .............................9
        
   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................2
   2. Meta Requirement ................................................2
   3. Authentication ..................................................3
   4. Security and Access Control .....................................3
   5. Nominations .....................................................4
   6. Accepting and Declining Nominations .............................5
   7. Questionnaires ..................................................6
   8. Feedback Collection .............................................7
   9. Security Considerations .........................................8
   10. Acknowledgements ...............................................8
   12. Normative References ...........................................8
   Appendix A. Example for Key Generation .............................9
        
1. Introduction
1. 介绍

The IETF Nominations Committee (NomCom) is a body that selects candidates for open IESG, IAB, and IAOC positions following the process outlined in [RFC3777]. There is a need for a set of tools to aid the NomCom in efficient operation. This document presents a set of requirements for such a tool.

IETF提名委员会(NomCom)是一个按照[RFC3777]中概述的流程选择IESG、IAB和IAOC公开职位候选人的机构。需要一套工具来帮助NomCom高效运作。本文件提出了此类工具的一系列要求。

1.1. Conventions Used in This Document
1.1. 本文件中使用的公约

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

2. Meta Requirement
2. 元需求

There is an existing tool for supporting NomCom work. The set of requirements specified in this document are mainly enhancement requirements or behavioral changes to the existing tool. Unless otherwise stated, all of the current functions of the existing NomCom tool need to be supported in the new tool as well.

有一个支持NomCom工作的现有工具。本文档中规定的一组需求主要是增强需求或对现有工具的行为更改。除非另有说明,现有NomCom工具的所有当前功能也需要在新工具中得到支持。

o META-001: The tool MUST provide all the functionality that is provided by the current NomCom tool, except in cases where a requirement specified in this document overrides a current behavior. The current NomCom tool can be found at the following URLs: https://www.ietf.org/group/nomcom/2012/private/ displays the NomCom private parts of the tool (Private NomCom tool) and https://www.ietf.org/group/nomcom/2012/ displays the community member accessible parts of the tool (Public NomCom tool).

o META-001:该工具必须提供当前NomCom工具提供的所有功能,除非本文档中指定的需求覆盖当前行为。当前的NomCom工具可以在以下URL中找到:https://www.ietf.org/group/nomcom/2012/private/ 显示工具的NomCom专用部分(专用NomCom工具)和https://www.ietf.org/group/nomcom/2012/ 显示社区成员可访问的工具部分(Public NomCom工具)。

3. Authentication
3. 认证

All access to NomCom tools needs to be authenticated. Users of the tools have different privileges based on their role. The tool needs to support at least three levels of access: community member, NomCom member, and NomCom chair. The levels of access are set up by the staff of the IETF Secretariat. It is to be noted that the Secretariat staff do not have any access to the tool. They are responsible for administering the server on which the tool runs; hence, they set up the access control list for the tool.

所有对NomCom工具的访问都需要经过身份验证。工具的用户根据其角色具有不同的权限。该工具需要支持至少三个访问级别:社区成员、NomCom成员和NomCom主席。访问级别由IETF秘书处的工作人员设置。需要指出的是,秘书处工作人员无法使用该工具。他们负责管理运行工具的服务器;因此,他们为该工具设置了访问控制列表。

Community member access is applicable to the Public NomCom tool. The NomCom member access and the NomCom chair access are applicable to the Private NomCom tool. NomCom members can use the interfaces on the Public NomCom tool in the community member role. The NomCom chair access authentication applies to the private webpage in the same fashion as a NomCom member, with the additional ability to update the information on both webpages (i.e., what is visible in the various forms, the templates for the automatic emails, etc.).

社区成员访问适用于公共NomCom工具。NomCom成员访问权限和NomCom主席访问权限适用于专用NomCom工具。NomCom成员可以在社区成员角色中使用公共NomCom工具上的接口。NomCom主席访问认证以与NomCom成员相同的方式应用于私人网页,并具有更新两个网页上信息的额外能力(即各种形式的可见内容、自动电子邮件模板等)。

o AUTH-001: The tool MUST allow members of the community to log in with their existing datatracker.ietf.org credentials.

o AUTH-001:该工具必须允许社区成员使用其现有datatracker.ietf.org凭据登录。

o AUTH-002: The tool MUST allow members of the community to create a new login using the datatracker.ietf.org login system.

o AUTH-002:该工具必须允许社区成员使用datatracker.ietf.org登录系统创建新登录。

o AUTH-003: The tool MUST allow the secretariat to enter the email address of the NomCom chair and to enter a list of email addresses of the NomCom members. The logins associated with these email addresses MUST be accorded the respective roles.

o AUH-003:该工具必须允许秘书处输入NomCom主席的电子邮件地址,并输入NomCom成员的电子邮件地址列表。与这些电子邮件地址关联的登录必须具有相应的角色。

4. Security and Access Control
4. 安全和访问控制

All communication between the community and the NomCom and amongst the members of the NomCom needs to be stored in an encrypted form. This information can only be accessed by members of the NomCom.

社区与NomCom之间以及NomCom成员之间的所有通信都需要以加密形式存储。此信息只能由NomCom的成员访问。

o SEC-001: The security procedures for the tool MUST be structured so that even system administrators do not have routine or accidental visibility to any data accumulated by the tool. This data includes all confidential feedback and discussions.

o SEC-001:必须对工具的安全程序进行结构化,以便即使是系统管理员也不会对工具积累的任何数据具有常规或意外可见性。这些数据包括所有机密反馈和讨论。

o SEC-002: The tool MUST allow the NomCom chair to input a public key ("NomCom public key"). This key is generated by the NomCom chair independent of the tool, for example, using the procedure described in Appendix A.

o SEC-002:该工具必须允许NomCom主席输入公钥(“NomCom公钥”)。该密钥由NomCom主席独立于该工具生成,例如,使用附录A中描述的程序生成。

o SEC-003: All communication sent to the NomCom mailing list MUST be encrypted with the NomCom public key before being committed to persistent storage.

o SEC-003:发送到NomCom邮件列表的所有通信在提交到持久存储之前必须使用NomCom公钥进行加密。

o SEC-004: All community feedback entered using the NomCom tool MUST be encrypted with the NomCom public key before being committed to persistent storage.

o SEC-004:使用NomCom工具输入的所有社区反馈必须使用NomCom公钥加密,然后才能提交到永久性存储。

o SEC-005: After logging in, the tool MUST allow the NomCom members to input a private key ("NomCom private key") that corresponds to the NomCom public key. This key will be used to decrypt the feedback/communications that the member is trying to access. Once entered, this key MUST be available for the entire length of the session until the user logs out. This private key MUST NOT be stored in plaintext form into persistent storage at any point of time.

o SEC-005:登录后,工具必须允许NomCom成员输入与NomCom公钥对应的私钥(“NomCom私钥”)。此密钥将用于解密成员试图访问的反馈/通信。输入后,此密钥必须在整个会话期间可用,直到用户注销。此私钥在任何时候都不得以明文形式存储到永久性存储器中。

o SEC-006: The tool MUST provide a mechanism for the NomCom Chair to destroy all data collected by the NomCom at the end of the NomCom's term. Since the NomCom's term overlaps with that of the next year's NomCom, the tool MUST ensure that data collected by the next year's NomCom is not affected by this deletion.

o SEC-006:该工具必须为NomCom主席提供一种机制,以便在NomCom任期结束时销毁NomCom收集的所有数据。由于NomCom的术语与下一年的NomCom的术语重叠,该工具必须确保下一年的NomCom收集的数据不受此删除的影响。

5. Nominations
5. 提名

After the NomCom is constituted, the NomCom chair issues a call for nominations for the open positions. There are two broad ways in which nominees are introduced into the system. The predominant way is that nominations are entered into the system directly by members of the community. The secondary way is that the nominees are entered in by members of the NomCom. The main difference is that members of the NomCom can enter nominations that are originated by other community members. In both of the cases, an email address for the nominee needs to be entered into the tool. Please note that NomCom members usually use the Public NomCom tool, not the Private NomCom tool, to enter their personal nominations and comments.

在NomCom成立后,NomCom主席发出公开职位提名通知。将被提名人引入系统的方式有两种。主要的方式是由社区成员直接将提名输入系统。第二种方式是提名人由NomCom的成员参与。主要区别在于,NomCom的成员可以输入由其他社区成员发起的提名。在这两种情况下,都需要在工具中输入被提名人的电子邮件地址。请注意,NomCom成员通常使用公共的NomCom工具,而不是私人的NomCom工具来输入个人提名和评论。

o NOM-001: The tool MUST allow members of the community to enter nominations into the Public NomCom tool.

o NOM-001:该工具必须允许社区成员在公共NomCom工具中输入提名。

o NOM-002: The tool MUST allow members of the NomCom to enter nominations into the Private NomCom tool. The tool MUST allow the NomCom member to optionally enter information about the originator of the nomination. The tool MUST record the identity of the originator (if known) of the nomination for audit purposes. Note that anonymous nominations are allowed; thus, the actual identity of an originator may not always be entered into the tool.

o NOM-002:该工具必须允许NomCom成员在专用的NomCom工具中输入提名。该工具必须允许NomCom成员有选择地输入有关提名发起人的信息。该工具必须记录提名的发起人(如已知)的身份,以便于审计。请注意,允许匿名提名;因此,发端人的实际身份可能并不总是输入到工具中。

o NOM-003: The tool MUST allow the NomCom chair to specify information that is required for the nominations. This information will be entered by the NomCom chair as freeform text and will be presented to the individual performing the nomination.

o NOM-003:该工具必须允许NomCom主席指定提名所需的信息。该信息将由NomCom主席以自由文本形式输入,并提交给执行提名的个人。

o NOM-004: The tool MUST email the nominee after the nomination and mention the position(s) that they have been nominated for. This email MUST NOT disclose to the nominee the identity of the person who performed the nomination.

o NOM-004:该工具必须在提名后通过电子邮件发送给被提名人,并注明他们被提名的职位。此电子邮件不得向被提名人披露提名人的身份。

o NOM-005: The tool MUST allow the content of this email to be customized by the NomCom chair.

o NOM-005:该工具必须允许NomCom主席自定义此电子邮件的内容。

o NOM-006: The tool MUST automatically attach the questionnaires for the positions for which the nominee has been nominated to this email.

o NOM-006:该工具必须自动将被提名人已被提名的职位的调查问卷附加到此电子邮件中。

o NOM-007: The tool MUST be able to identify duplicate nominations of the same person with the same email address and consolidate them to point to the same nominee.

o NOM-007:该工具必须能够识别具有相同电子邮件地址的同一人的重复提名,并将其合并以指向相同的提名人。

o NOM-008: In case the same person has been nominated multiple times using different email addresses, the tool MUST allow the NomCom chair to mark duplicate nominations of the same person and consolidate them to point to the same nominee.

o NOM-008:如果同一个人使用不同的电子邮件地址多次被提名,该工具必须允许NomCom主席标记同一个人的重复提名,并将其合并指向同一被提名人。

o NOM-009: The tool MUST allow a communication email address for a nominee to be set to one different than the email address with which they were nominated.

o NOM-009:该工具必须允许将被提名人的通信电子邮件地址设置为与被提名人的电子邮件地址不同的地址。

o NOM-010: The tool MUST be able to use the datatracker address book system as the basis for requirements NOM-007, NOM-008, and NOM-009 but MUST allow the NomCom chair to perform manual overrides.

o NOM-010:该工具必须能够使用datatracker通讯簿系统作为NOM-007、NOM-008和NOM-009要求的基础,但必须允许NomCom主席执行手动覆盖。

o NOM-011: The tool MUST keep track of the accept and decline status for the nominees.

o NOM-011:该工具必须跟踪被提名人的接受和拒绝状态。

6. Accepting and Declining Nominations
6. 接受和拒绝提名

After receiving the nomination mail, nominees usually respond to indicate either that they accept the nomination or that they are unwilling to do so.

在收到提名邮件后,被提名人通常会回复,表示他们接受提名或不愿意接受提名。

o AD-001: The tool MUST allow nominees to indicate whether they are accepting or declining their nomination. This is preferably done by providing distinct hyperlinks in the email that the nominees receive.

o AD-001:该工具必须允许被提名人表明他们是接受还是拒绝提名。这最好通过在被提名人收到的电子邮件中提供不同的超链接来实现。

o AD-002: The tool MUST allow the NomCom chair to select specific email responses from the nominees and flag them as having been accepted or declined.

o AD-002:该工具必须允许NomCom主席从被提名人中选择特定的电子邮件回复,并将其标记为已被接受或拒绝。

o AD-003: The tool MUST allow the NomCom chair to manually flag nominees as having accepted or declined the nomination without the need for any nominee action.

o AD-003:该工具必须允许NomCom主席手动标记被提名人已接受或拒绝提名,而无需任何被提名人行动。

o AD-004: The tool MUST allow NomCom members to view the list of all nominees along with their accept or decline status.

o AD-004:该工具必须允许NomCom成员查看所有被提名人的名单及其接受或拒绝状态。

o AD-005: The tool MUST allow NomCom members to view reports of the accept or decline status both per nominee as well as per open position.

o AD-005:该工具必须允许NomCom成员查看每个被提名人以及每个未平仓的接受或拒绝状态报告。

o AD-006: The tool MUST be configurable to send reminder mails to all nominees who have not responded, either on specified dates or at specified intervals. The contents of the reminder mails MUST be customizable by the NomCom chair.

o AD-006:该工具必须可配置为在指定日期或指定时间间隔向所有未回复的被提名人发送提醒邮件。提醒邮件的内容必须由NomCom主席定制。

o AD-007: The tool MUST be able to generate a summary report containing statistics (total/accept/decline/no response) concerning nominations by position.

o AD-007:该工具必须能够生成一份汇总报告,其中包含有关职位提名的统计数据(总计/接受/拒绝/无响应)。

7. Questionnaires
7. 问卷调查

Nominees fill in a questionnaire for each position for which they accept a nomination. The completed questionnaire is sent in by email to the NomCom mailing list. If a person has been nominated for multiple positions, they may elect to send in a combined questionnaire for a subset (or all) of the positions (QR-002) or fill in one questionnaire per open position (QR-006).

被提名人为他们接受提名的每个职位填写问卷。完成的调查问卷通过电子邮件发送至NomCom邮件列表。如果一个人被提名担任多个职位,他们可以选择发送一份关于职位子集(或全部)的综合问卷(QR-002),或为每个空缺职位填写一份问卷(QR-006)。

o QR-001: The tool MUST allow the NomCom chair to enter a different questionnaire for each open position.

o QR-001:该工具必须允许NomCom主席为每个空缺职位输入不同的问卷。

o QR-002: The tool MUST allow the NomCom chair to point to email responses from the nominees and flag them as questionnaires.

o QR-002:该工具必须允许NomCom主席指出提名人的电子邮件回复,并将其标记为问卷。

o QR-003: The tool MUST allow NomCom members to directly access questionnaires completed by nominees.

o QR-003:该工具必须允许NomCom成员直接访问被提名人填写的问卷。

o QR-004: The tool MUST keep track of the questionnaire receipt status for the nominees. The completed questionnaires are received as emails to the NomCom mailing list.

o QR-004:该工具必须跟踪被提名人的问卷接收状态。完成的调查问卷作为电子邮件发送至NomCom邮件列表。

o QR-005: Like all other correspondence on the NomCom mailing list, the completed questionnaires MUST be encrypted by the NomCom public key before being stored.

o QR-005:与NomCom邮件列表上的所有其他信函一样,填写好的问卷在存储之前必须使用NomCom公钥进行加密。

o QR-006: The NomCom chair MUST be able to flag an email as the completed questionnaire for a nominee corresponding to a specific open position.

o QR-006:NomCom主席必须能够将电子邮件标记为与特定空缺职位对应的被提名人的完整问卷。

o QR-007: Once flagged, the questionnaire provided by the nominee for a specific position MUST be directly accessible without needing to look through all other feedback received for that nominee.

o QR-007:一旦标记,被提名人为特定职位提供的问卷必须可以直接访问,而无需查看该被提名人收到的所有其他反馈。

8. Feedback Collection
8. 反馈收集

Community feedback is very important in the NomCom process. Community feedback about nominees is the primary mechanism by which NomCom members evaluate nominees.

社区反馈在NomCom过程中非常重要。关于被提名人的社区反馈是NomCom成员评估被提名人的主要机制。

o FB-001: The tool MUST allow members of the community to enter feedback about any of the accepting nominees into the Public NomCom tool.

o FB-001:该工具必须允许社区成员在公开的NomCom工具中输入关于任何接受提名者的反馈。

o FB-002: The tool MUST allow members of the NomCom to enter feedback about any of the accepting nominees into the Private NomCom tool. The tool MUST allow the NomCom member to optionally enter information about the originator of the feedback. Note that, as in NOM-002, anonymous feedback is allowed; thus, the actual identity of an originator may not always be entered into the tool.

o FB-002:该工具必须允许NomCom成员将任何接受提名人的反馈输入到私有的NomCom工具中。该工具必须允许NomCom成员选择性地输入有关反馈发起人的信息。注意,与NOM-002一样,允许匿名反馈;因此,发端人的实际身份可能并不总是输入到工具中。

o FB-003: The tool MUST allow NomCom members to view feedback entered for each nominee. The identity of the submitter should also be visible with the feedback, unless the submitter wishes to be anonymous.

o FB-003:该工具必须允许NomCom成员查看为每个提名人输入的反馈。提交者的身份也应该在反馈中可见,除非提交者希望匿名。

o FB-004: The NomCom members MUST be able to enter their interview comments as feedback for the nominee being interviewed.

o FB-004:NomCom成员必须能够输入他们的采访评论,作为对被采访被提名人的反馈。

o FB-005: All email received on the NomCom mailing list MUST be archived. This includes all correspondence among the NomCom members, feedback received over email, as well as completed questionnaires.

o FB-005:必须存档NomCom邮件列表上收到的所有电子邮件。这包括NomCom成员之间的所有通信、通过电子邮件收到的反馈以及填写的问卷。

o FB-006: The tool MUST allow the NomCom chair to manually copy any of the archived mails into the feedback section of one or more nominees for one or more open positions. This is required because a single email may contain feedback concerning more than one nominee or more than one open position.

o FB-006:该工具必须允许NomCom主席手动将任何存档邮件复制到一个或多个空缺职位的一个或多个提名人的反馈部分。这是必需的,因为一封电子邮件可能包含有关多个提名人或多个空缺职位的反馈。

9. Security Considerations
9. 安全考虑

The tool must authenticate all users and must allow logins to be classified into three roles: NomCom chair, NomCom member, and community member. All communications to/from the NomCom and among members of the NomCom must be stored in an encrypted form.

该工具必须对所有用户进行身份验证,并且必须允许将登录分为三个角色:NomCom主席、NomCom成员和社区成员。与NomCom之间以及与NomCom成员之间的所有通信必须以加密形式存储。

10. Acknowledgements
10. 致谢

The authors would like to thank Russ Housley, Barry Leiba, Brian Haberman, Phillip Hallam-Baker, Stewart Bryant, Adrian Farrel, Stephen Farrell, Martin Stiemerling, Benoit Claise, Sean Turner, Ralph Droms, Mary Barnes, Subramanian Moonesamy, and Menachem Dodge for their valuable comments to improve this document.

作者要感谢Russ Housley、Barry Leiba、Brian Haberman、Phillip Hallam Baker、Stewart Bryant、Adrian Farrel、Stephen Farrell、Martin Stiemering、Benoit Claise、Sean Turner、Ralph Droms、Mary Barnes、Subramanian Moonesamy和Menahem Dodge为改进本文件所作的宝贵评论。

12. Normative References
12. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC3777] Galvin, J., Ed., "IAB and IESG Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees", BCP 10, RFC 3777, June 2004.

[RFC3777]Galvin,J.,Ed.,“IAB和IESG的选择、确认和召回过程:提名和召回委员会的运作”,BCP 10,RFC 3777,2004年6月。

Appendix A. Example for Key Generation
附录A.密钥生成示例

The NomCom chair generates a public/private key pair to be used to encrypt NomCom correspondence and feedback. As an example, the NomCom chair can use openssl to generate the key pair using the following commands:

NomCom主席生成一个公钥/私钥对,用于加密NomCom通信和反馈。例如,NomCom主席可以使用openssl,使用以下命令生成密钥对:

First, the config file for openssl needs to be created with the following contents (example for the 2012-2013 NomCom).

首先,需要使用以下内容创建openssl的配置文件(例如2012-2013年NomCom)。

[ req ] distinguished_name = req_distinguished_name string_mask = utf8only x509_extensions = ss_v3_ca

[req]可分辨名称=可分辨名称字符串\u掩码=utf8only x509\u扩展名=ss\U v3\u ca

[ req_distinguished_name ] commonName = Common Name (e.g., NomComYY) commonName_default = NomCom12

[req_distributed_name]commonName=通用名称(例如,NomComYY)commonName_默认值=NomCom12

[ ss_v3_ca ]

[ss_v3_ca]

subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
basicConstraints = critical, CA:true
subjectAltName = email:nomcom12@ietf.org
extendedKeyUsage= emailProtection
        
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
basicConstraints = critical, CA:true
subjectAltName = email:nomcom12@ietf.org
extendedKeyUsage= emailProtection
        

# modify the email address to match the year.

#修改电子邮件地址以匹配年份。

Figure 1: nomcom-config.cnf

图1:nomcom-config.cnf

Then the following command needs to be issued in order to generate the private key and the certificate.

然后需要发出以下命令以生成私钥和证书。

   $ openssl req -config nomcom-config.cnf -x509 -new -newkey rsa:2048
   -sha256 -days 730 -nodes -keyout privateKey.pem -out nomcom12.cert
        
   $ openssl req -config nomcom-config.cnf -x509 -new -newkey rsa:2048
   -sha256 -days 730 -nodes -keyout privateKey.pem -out nomcom12.cert
        

The certificate can then be provided to the tool in order to extract the public key.

然后可以将证书提供给该工具以提取公钥。

Authors' Addresses

作者地址

Suresh Krishnan Ericsson 8400 Blvd Decarie Town of Mount Royal, Quebec Canada

Suresh Krishnan Ericsson加拿大魁北克皇家山Decarie镇8400大道

   EMail: suresh.krishnan@ericsson.com
        
   EMail: suresh.krishnan@ericsson.com
        

Joel Halpern Ericsson

乔尔·哈尔佩恩·爱立信

   EMail: joel.halpern@ericsson.com
        
   EMail: joel.halpern@ericsson.com