Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

rfc2459.asn1@ 4

Last change on this file since 4 was 1, checked in by Paul Smedley, 10 years ago
Initial commit of Heimdal 1.5.3
File size: 16.8 KB

Line
1	-- $Id$ --
2	-- Definitions from rfc2459/rfc3280
3
4	RFC2459 DEFINITIONS ::= BEGIN
5
6	IMPORTS heim_any FROM heim;
7
8	Version ::= INTEGER {
9	rfc3280_version_1(0),
10	rfc3280_version_2(1),
11	rfc3280_version_3(2)
12	}
13
14	id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15	rsadsi(113549) pkcs(1) 1 }
16	id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17	id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18	id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19	id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20	id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21	id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22	id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
23
24	id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
25
26	id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27	rsadsi(113549) pkcs(1) 2 }
28	id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29	id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30	id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
31
32	id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33	{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
34
35	id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36	id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37	id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
38
39	id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40	rsadsi(113549) pkcs(1) 3 }
41
42	id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43	id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44	id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
45
46	id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47	rsadsi(113549) 3 }
48
49	id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50	id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
51
52	id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53	oiw(14) secsig(3) algorithm(2) 26 }
54
55	id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
56	oiw(14) secsig(3) algorithm(2) 29 }
57
58	id-nistAlgorithm OBJECT IDENTIFIER ::= {
59	joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
60
61	id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
62
63	id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
64	id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
65	id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
66
67	id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
68
69	id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
70	id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
71	id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
72	id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
73
74	id-dhpublicnumber OBJECT IDENTIFIER ::= {
75	iso(1) member-body(2) us(840) ansi-x942(10046)
76	number-type(2) 1 }
77
78	-- ECC
79
80	id-ecPublicKey OBJECT IDENTIFIER ::= {
81	iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
82
83	id-ecDH OBJECT IDENTIFIER ::= {
84	iso(1) identified-organization(3) certicom(132) schemes(1)
85	ecdh(12) }
86
87	id-ecMQV OBJECT IDENTIFIER ::= {
88	iso(1) identified-organization(3) certicom(132) schemes(1)
89	ecmqv(13) }
90
91	id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
92	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
93	ecdsa-with-SHA2(3) 2 }
94
95	id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
96	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
97
98	-- some EC group ids
99
100	id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
101	iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
102	prime(1) 7 }
103
104	id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
105	iso(1) identified-organization(3) certicom(132) 0 8 }
106
107	id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
108	iso(1) identified-organization(3) certicom(132) 0 30 }
109
110	-- DSA
111
112	id-x9-57 OBJECT IDENTIFIER ::= {
113	iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
114
115	id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
116	id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
117
118	-- x.520 names types
119
120	id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
121
122	id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
123	id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
124	id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
125	id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
126	id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
127	id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
128	id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
129	id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
130	id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
131	id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
132	id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
133	id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
134	id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
135	id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
136	-- RFC 2247
137	id-Userid OBJECT IDENTIFIER ::=
138	{ 0 9 2342 19200300 100 1 1 }
139	id-domainComponent OBJECT IDENTIFIER ::=
140	{ 0 9 2342 19200300 100 1 25 }
141
142
143	-- rfc3280
144
145	id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
146
147	AlgorithmIdentifier ::= SEQUENCE {
148	algorithm OBJECT IDENTIFIER,
149	parameters heim_any OPTIONAL
150	}
151
152	AttributeType ::= OBJECT IDENTIFIER
153
154	AttributeValue ::= heim_any
155
156	DirectoryString ::= CHOICE {
157	ia5String IA5String,
158	teletexString TeletexString,
159	printableString PrintableString,
160	universalString UniversalString,
161	utf8String UTF8String,
162	bmpString BMPString
163	}
164
165	Attribute ::= SEQUENCE {
166	type AttributeType,
167	value SET OF -- AttributeValue -- heim_any
168	}
169
170	AttributeTypeAndValue ::= SEQUENCE {
171	type AttributeType,
172	value DirectoryString
173	}
174
175	RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
176
177	RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
178
179	Name ::= CHOICE {
180	rdnSequence RDNSequence
181	}
182
183	CertificateSerialNumber ::= INTEGER
184
185	Time ::= CHOICE {
186	utcTime UTCTime,
187	generalTime GeneralizedTime
188	}
189
190	Validity ::= SEQUENCE {
191	notBefore Time,
192	notAfter Time
193	}
194
195	UniqueIdentifier ::= BIT STRING
196
197	SubjectPublicKeyInfo ::= SEQUENCE {
198	algorithm AlgorithmIdentifier,
199	subjectPublicKey BIT STRING
200	}
201
202	Extension ::= SEQUENCE {
203	extnID OBJECT IDENTIFIER,
204	critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
205	extnValue OCTET STRING
206	}
207
208	Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
209
210	TBSCertificate ::= SEQUENCE {
211	version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
212	serialNumber CertificateSerialNumber,
213	signature AlgorithmIdentifier,
214	issuer Name,
215	validity Validity,
216	subject Name,
217	subjectPublicKeyInfo SubjectPublicKeyInfo,
218	issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
219	-- If present, version shall be v2 or v3
220	subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
221	-- If present, version shall be v2 or v3
222	extensions [3] EXPLICIT Extensions OPTIONAL
223	-- If present, version shall be v3
224	}
225
226	Certificate ::= SEQUENCE {
227	tbsCertificate TBSCertificate,
228	signatureAlgorithm AlgorithmIdentifier,
229	signatureValue BIT STRING
230	}
231
232	Certificates ::= SEQUENCE OF Certificate
233
234	ValidationParms ::= SEQUENCE {
235	seed BIT STRING,
236	pgenCounter INTEGER
237	}
238
239	DomainParameters ::= SEQUENCE {
240	p INTEGER, -- odd prime, p=jq +1
241	g INTEGER, -- generator, g
242	q INTEGER, -- factor of p-1
243	j INTEGER OPTIONAL, -- subgroup factor
244	validationParms ValidationParms OPTIONAL -- ValidationParms
245	}
246
247	-- As defined by PKCS3
248	DHParameter ::= SEQUENCE {
249	prime INTEGER, -- odd prime, p=jq +1
250	base INTEGER, -- generator, g
251	privateValueLength INTEGER OPTIONAL
252	}
253
254	DHPublicKey ::= INTEGER
255
256	OtherName ::= SEQUENCE {
257	type-id OBJECT IDENTIFIER,
258	value [0] EXPLICIT heim_any
259	}
260
261	GeneralName ::= CHOICE {
262	otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
263	type-id OBJECT IDENTIFIER,
264	value [0] EXPLICIT heim_any
265	},
266	rfc822Name [1] IMPLICIT IA5String,
267	dNSName [2] IMPLICIT IA5String,
268	-- x400Address [3] IMPLICIT ORAddress,--
269	directoryName [4] IMPLICIT -- Name -- CHOICE {
270	rdnSequence RDNSequence
271	},
272	-- ediPartyName [5] IMPLICIT EDIPartyName, --
273	uniformResourceIdentifier [6] IMPLICIT IA5String,
274	iPAddress [7] IMPLICIT OCTET STRING,
275	registeredID [8] IMPLICIT OBJECT IDENTIFIER
276	}
277
278	GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
279
280	id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
281
282	KeyUsage ::= BIT STRING {
283	digitalSignature (0),
284	nonRepudiation (1),
285	keyEncipherment (2),
286	dataEncipherment (3),
287	keyAgreement (4),
288	keyCertSign (5),
289	cRLSign (6),
290	encipherOnly (7),
291	decipherOnly (8)
292	}
293
294	id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
295
296	KeyIdentifier ::= OCTET STRING
297
298	AuthorityKeyIdentifier ::= SEQUENCE {
299	keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
300	authorityCertIssuer [1] IMPLICIT -- GeneralName --
301	SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
302	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
303	}
304
305	id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
306
307	SubjectKeyIdentifier ::= KeyIdentifier
308
309	id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
310
311	BasicConstraints ::= SEQUENCE {
312	cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
313	pathLenConstraint INTEGER (0..4294967295) OPTIONAL
314	}
315
316	id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
317
318	BaseDistance ::= INTEGER -- (0..MAX) --
319
320	GeneralSubtree ::= SEQUENCE {
321	base GeneralName,
322	minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
323	maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
324	}
325
326	GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
327
328	NameConstraints ::= SEQUENCE {
329	permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
330	excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
331	}
332
333	id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
334	id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
335	id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
336	id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
337	id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
338	id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
339	id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
340
341	id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
342
343	ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
344
345	id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
346	id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
347	id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
348	id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
349	id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
350	id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
351	id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
352
353	DistributionPointReasonFlags ::= BIT STRING {
354	unused (0),
355	keyCompromise (1),
356	cACompromise (2),
357	affiliationChanged (3),
358	superseded (4),
359	cessationOfOperation (5),
360	certificateHold (6),
361	privilegeWithdrawn (7),
362	aACompromise (8)
363	}
364
365	DistributionPointName ::= CHOICE {
366	fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
367	nameRelativeToCRLIssuer [1] RelativeDistinguishedName
368	}
369
370	DistributionPoint ::= SEQUENCE {
371	distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
372	reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
373	cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
374	}
375
376	CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
377
378
379	-- rfc3279
380
381	DSASigValue ::= SEQUENCE {
382	r INTEGER,
383	s INTEGER
384	}
385
386	DSAPublicKey ::= INTEGER
387
388	DSAParams ::= SEQUENCE {
389	p INTEGER,
390	q INTEGER,
391	g INTEGER
392	}
393
394	-- draft-ietf-pkix-ecc-subpubkeyinfo-11
395
396	ECPoint ::= OCTET STRING
397
398	ECParameters ::= CHOICE {
399	namedCurve OBJECT IDENTIFIER
400	-- implicitCurve NULL
401	-- specifiedCurve SpecifiedECDomain
402	}
403
404	ECDSA-Sig-Value ::= SEQUENCE {
405	r INTEGER,
406	s INTEGER
407	}
408
409	-- really pkcs1
410
411	RSAPublicKey ::= SEQUENCE {
412	modulus INTEGER, -- n
413	publicExponent INTEGER -- e
414	}
415
416	RSAPrivateKey ::= SEQUENCE {
417	version INTEGER (0..4294967295),
418	modulus INTEGER, -- n
419	publicExponent INTEGER, -- e
420	privateExponent INTEGER, -- d
421	prime1 INTEGER, -- p
422	prime2 INTEGER, -- q
423	exponent1 INTEGER, -- d mod (p-1)
424	exponent2 INTEGER, -- d mod (q-1)
425	coefficient INTEGER -- (inverse of q) mod p
426	}
427
428	DigestInfo ::= SEQUENCE {
429	digestAlgorithm AlgorithmIdentifier,
430	digest OCTET STRING
431	}
432
433	-- some ms ext
434
435	-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
436
437	-- UNICODESTRING (0x1E tag)
438
439	-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
440
441	-- TemplateVersion ::= INTEGER (0..4294967295)
442
443	-- CertificateTemplate ::= SEQUENCE {
444	-- templateID OBJECT IDENTIFIER,
445	-- templateMajorVersion TemplateVersion,
446	-- templateMinorVersion TemplateVersion OPTIONAL
447	-- }
448
449
450	--
451	-- CRL
452	--
453
454	TBSCRLCertList ::= SEQUENCE {
455	version Version OPTIONAL, -- if present, MUST be v2
456	signature AlgorithmIdentifier,
457	issuer Name,
458	thisUpdate Time,
459	nextUpdate Time OPTIONAL,
460	revokedCertificates SEQUENCE OF SEQUENCE {
461	userCertificate CertificateSerialNumber,
462	revocationDate Time,
463	crlEntryExtensions Extensions OPTIONAL
464	-- if present, MUST be v2
465	} OPTIONAL,
466	crlExtensions [0] EXPLICIT Extensions OPTIONAL
467	-- if present, MUST be v2
468	}
469
470
471	CRLCertificateList ::= SEQUENCE {
472	tbsCertList TBSCRLCertList,
473	signatureAlgorithm AlgorithmIdentifier,
474	signatureValue BIT STRING
475	}
476
477	id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
478	id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
479	id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
480
481	CRLReason ::= ENUMERATED {
482	unspecified (0),
483	keyCompromise (1),
484	cACompromise (2),
485	affiliationChanged (3),
486	superseded (4),
487	cessationOfOperation (5),
488	certificateHold (6),
489	removeFromCRL (8),
490	privilegeWithdrawn (9),
491	aACompromise (10)
492	}
493
494	PKIXXmppAddr ::= UTF8String
495
496	id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
497	dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
498
499	id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
500	id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
501	id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
502
503	id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
504	id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
505	id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
506	id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
507	id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
508	id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
509
510	id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
511
512	id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
513
514	AccessDescription ::= SEQUENCE {
515	accessMethod OBJECT IDENTIFIER,
516	accessLocation GeneralName
517	}
518
519	AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
520
521	-- RFC 3820 Proxy Certificate Profile
522
523	id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
524
525	id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
526
527	id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
528	id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
529	id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
530
531	ProxyPolicy ::= SEQUENCE {
532	policyLanguage OBJECT IDENTIFIER,
533	policy OCTET STRING OPTIONAL
534	}
535
536	ProxyCertInfo ::= SEQUENCE {
537	pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
538	proxyPolicy ProxyPolicy
539	}
540
541	--- U.S. Federal PKI Common Policy Framework
542	-- Card Authentication key
543	id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
544	id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
545
546	--- Netscape extentions
547
548	id-netscape OBJECT IDENTIFIER ::=
549	{ joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
550	id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
551
552	--- MS extentions
553
554	id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
555	{ 1 3 6 1 4 1 311 20 2 }
556
557	id-ms-client-authentication OBJECT IDENTIFIER ::=
558	{ 1 3 6 1 5 5 7 3 2 }
559
560	-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
561
562	END

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format