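-- Id --
-- Definitions from rfc2459/rfc3280
--
-- ASN.1 module with the X.509 certificate and CRL structures, the
-- algorithm and attribute object identifiers they refer to, and a few
-- vendor extensions. The only external type is heim_any, imported from
-- the heim module; its definition is not visible in this file.
--
-- Several object identifiers below name algorithms that are kept so that
-- existing certificates can still be parsed. Defining an OID here says
-- nothing about whether a verifier should accept it; that is a policy
-- decision for the code that consumes the decoded structures.

RFC2459 DEFINITIONS ::= BEGIN

IMPORTS heim_any FROM heim;

-- Encoded value is one less than the certificate version it names.
Version ::= INTEGER {
	rfc3280_version_1(0),
	rfc3280_version_2(1),
	rfc3280_version_3(2)
}

-- PKCS #1: RSA key type and RSA signature algorithms.
-- The MD2, MD5 and SHA-1 based signature OIDs are legacy; see the
-- module header.
id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) pkcs(1) 1 }
id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }

-- Private arc, not an RSADSI or PKIX assignment.
id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }

-- NOTE(review): the digest OIDs in general use are the ones under
-- id-rsa-digestAlgorithm (rsadsi 2) further down; the pkcs(1) 2 arc used
-- here looks like a historical alias. Kept as given; confirm whether
-- anything still depends on it.
id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) pkcs(1) 2 }
id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }

id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
	{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }

-- MD2, MD4 and MD5 are legacy digests; see the module header.
id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }

-- NOTE(review): same remark as for id-pkcs-2; the cipher OIDs in general
-- use are the ones under id-rsadsi-encalg (rsadsi 3) below. Kept as given.
id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) pkcs(1) 3 }

id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }

id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) 3 }

-- RC2 and triple DES are legacy ciphers; see the module header.
id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }

id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
	oiw(14) secsig(3) algorithm(2) 26 }

id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
	oiw(14) secsig(3) algorithm(2) 29 }

id-nistAlgorithm OBJECT IDENTIFIER ::= {
	joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }

id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }

id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }

-- Listed in the file's original order, which is not numeric arc order.
id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }

id-dhpublicnumber OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-x942(10046)
	number-type(2) 1 }

-- ECC

id-ecPublicKey OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }

id-ecDH OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) schemes(1)
	ecdh(12) }

id-ecMQV OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) schemes(1)
	ecmqv(13) }

id-ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
	ecdsa-with-SHA2(3) 4 }

id-ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
	ecdsa-with-SHA2(3) 3 }

id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
	ecdsa-with-SHA2(3) 2 }

id-ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
	ecdsa-with-SHA2(3) 1 }

id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }

-- some EC group ids
-- The two 160-bit groups are below the curve sizes currently recommended
-- for new keys; see the module header.

id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
	prime(1) 7 }

id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 8 }

id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 30 }

id-ec-group-secp224r1 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 33 }

id-ec-group-secp384r1 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 34 }

id-ec-group-secp521r1 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 35 }

-- DSA
-- The X9.57 arc is 1.2.840.10040 (RFC 3279 gives id-dsa as
-- 1.2.840.10040.4.1). This definition previously used 10046, which is
-- the ansi-x942 arc already used for id-dhpublicnumber above, so id-dsa
-- and id-dsa-with-sha1 did not match the values found in real
-- certificates.

id-x9-57 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) }

id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }

-- x.520 names types

id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
id-at-title OBJECT IDENTIFIER ::= { id-x520-at 12 }
id-at-description OBJECT IDENTIFIER ::= { id-x520-at 13 }
id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
-- RFC 2247
id-Userid OBJECT IDENTIFIER ::=
	{ 0 9 2342 19200300 100 1 1 }
id-domainComponent OBJECT IDENTIFIER ::=
	{ 0 9 2342 19200300 100 1 25 }


-- rfc3280

id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}

-- parameters is typed heim_any, so nothing in this schema ties its
-- content to the algorithm OID.
-- NOTE(review): consumers presumably have to decode and validate the
-- parameters per algorithm; confirm against the callers.
AlgorithmIdentifier ::= SEQUENCE {
	algorithm OBJECT IDENTIFIER,
	parameters heim_any OPTIONAL
}

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= heim_any

-- String alternatives accepted for an attribute value in a name.
-- The schema does not restrict the characters inside any alternative.
DirectoryString ::= CHOICE {
	ia5String IA5String,
	teletexString TeletexString,
	printableString PrintableString,
	universalString UniversalString,
	utf8String UTF8String,
	bmpString BMPString
}

Attribute ::= SEQUENCE {
	type AttributeType,
	value SET OF -- AttributeValue -- heim_any
}

-- Unlike Attribute above, the value here is restricted to a
-- DirectoryString rather than left as heim_any.
AttributeTypeAndValue ::= SEQUENCE {
	type AttributeType,
	value DirectoryString
}

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

Name ::= CHOICE {
	rdnSequence RDNSequence
}

CertificateSerialNumber ::= INTEGER

Time ::= CHOICE {
	utcTime UTCTime,
	generalTime GeneralizedTime
}

Validity ::= SEQUENCE {
	notBefore Time,
	notAfter Time
}

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
	algorithm AlgorithmIdentifier,
	subjectPublicKey BIT STRING
}

-- critical is declared OPTIONAL where the RFC has DEFAULT FALSE (the XXX
-- below), so an absent field has to be read as FALSE by the consumer.
-- RFC 3280 requires a certificate to be rejected when it carries a
-- critical extension the verifier does not recognise; that check is not
-- expressible here and belongs to the path validation code.
Extension ::= SEQUENCE {
	extnID OBJECT IDENTIFIER,
	critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
	extnValue OCTET STRING
}

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

-- The to-be-signed part of a certificate. The version constraints noted
-- on the optional fields are comments only; the schema does not enforce
-- them.
TBSCertificate ::= SEQUENCE {
	version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
	serialNumber CertificateSerialNumber,
	signature AlgorithmIdentifier,
	issuer Name,
	validity Validity,
	subject Name,
	subjectPublicKeyInfo SubjectPublicKeyInfo,
	issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
		-- If present, version shall be v2 or v3
	subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
		-- If present, version shall be v2 or v3
	extensions [3] EXPLICIT Extensions OPTIONAL
		-- If present, version shall be v3
}

-- signatureAlgorithm is outside the signed data while
-- tbsCertificate.signature is inside it. RFC 3280 requires the two to be
-- identical; the schema cannot express that, so the verifier has to
-- compare them before trusting signatureAlgorithm.
Certificate ::= SEQUENCE {
	tbsCertificate TBSCertificate,
	signatureAlgorithm AlgorithmIdentifier,
	signatureValue BIT STRING
}

Certificates ::= SEQUENCE OF Certificate

ValidationParms ::= SEQUENCE {
	seed BIT STRING,
	pgenCounter INTEGER
}

-- Diffie-Hellman domain parameters. The relations in the field comments
-- are not constraints in the schema; received values need to be checked
-- by the code that uses them.
DomainParameters ::= SEQUENCE {
	p INTEGER, -- odd prime, p=jq +1
	g INTEGER, -- generator, g
	q INTEGER OPTIONAL, -- factor of p-1
	j INTEGER OPTIONAL, -- subgroup factor
	validationParms ValidationParms OPTIONAL -- ValidationParms
}

-- As defined by PKCS3
DHParameter ::= SEQUENCE {
	prime INTEGER, -- odd prime, p=jq +1
	base INTEGER, -- generator, g
	privateValueLength INTEGER OPTIONAL
}

DHPublicKey ::= INTEGER

OtherName ::= SEQUENCE {
	type-id OBJECT IDENTIFIER,
	value [0] EXPLICIT heim_any
}

-- x400Address and ediPartyName are commented out, so this module defines
-- no alternative for tags [3] and [5].
-- rfc822Name, dNSName and uniformResourceIdentifier are plain
-- IA5String; the schema puts no restriction on their content, so name
-- matching code has to reject values that are not well formed for the
-- name type (an embedded NUL character, for example) before comparing.
GeneralName ::= CHOICE {
	otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
		type-id OBJECT IDENTIFIER,
		value [0] EXPLICIT heim_any
	},
	rfc822Name [1] IMPLICIT IA5String,
	dNSName [2] IMPLICIT IA5String,
-- x400Address [3] IMPLICIT ORAddress,--
	directoryName [4] IMPLICIT -- Name -- CHOICE {
		rdnSequence RDNSequence
	},
-- ediPartyName [5] IMPLICIT EDIPartyName, --
	uniformResourceIdentifier [6] IMPLICIT IA5String,
	iPAddress [7] IMPLICIT OCTET STRING,
	registeredID [8] IMPLICIT OBJECT IDENTIFIER
}

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }

KeyUsage ::= BIT STRING {
	digitalSignature (0),
	nonRepudiation (1),
	keyEncipherment (2),
	dataEncipherment (3),
	keyAgreement (4),
	keyCertSign (5),
	cRLSign (6),
	encipherOnly (7),
	decipherOnly (8)
}

id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }

KeyIdentifier ::= OCTET STRING

AuthorityKeyIdentifier ::= SEQUENCE {
	keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
	authorityCertIssuer [1] IMPLICIT -- GeneralName --
		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }

-- cA is OPTIONAL with the default noted only in a comment, so an absent
-- cA has to be read as FALSE by the consumer. pathLenConstraint is
-- bounded to the unsigned 32-bit range.
BasicConstraints ::= SEQUENCE {
	cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
	pathLenConstraint INTEGER (0..4294967295) OPTIONAL
}

id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }

BaseDistance ::= INTEGER -- (0..MAX) --

GeneralSubtree ::= SEQUENCE {
	base GeneralName,
	minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
	maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

NameConstraints ::= SEQUENCE {
	permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
	excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}

id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}

ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }

DistributionPointReasonFlags ::= BIT STRING {
	unused (0),
	keyCompromise (1),
	cACompromise (2),
	affiliationChanged (3),
	superseded (4),
	cessationOfOperation (5),
	certificateHold (6),
	privilegeWithdrawn (7),
	aACompromise (8)
}

DistributionPointName ::= CHOICE {
	fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
	nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}

-- All three fields are typed heim_any here, with the intended type given
-- only in the inline comments, so decoding a DistributionPoint does not
-- check the inner structure.
-- NOTE(review): the consumer presumably has to decode each field as the
-- commented type and handle a failure there; confirm against the callers.
DistributionPoint ::= SEQUENCE {
	distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
	reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
	cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint


-- rfc3279

-- r and s are unconstrained INTEGERs in the schema; the range check
-- against the group order is left to the signature verification code.
DSASigValue ::= SEQUENCE {
	r INTEGER,
	s INTEGER
}

DSAPublicKey ::= INTEGER

DSAParams ::= SEQUENCE {
	p INTEGER,
	q INTEGER,
	g INTEGER
}

-- draft-ietf-pkix-ecc-subpubkeyinfo-11

ECPoint ::= OCTET STRING

-- Only named curves are defined; the implicit and explicitly specified
-- alternatives are commented out.
ECParameters ::= CHOICE {
	namedCurve OBJECT IDENTIFIER
	-- implicitCurve NULL
	-- specifiedCurve SpecifiedECDomain
}

-- As with DSASigValue, the range of r and s is not expressed in the
-- schema and is left to the signature verification code.
ECDSA-Sig-Value ::= SEQUENCE {
	r INTEGER,
	s INTEGER
}

-- really pkcs1

RSAPublicKey ::= SEQUENCE {
	modulus INTEGER, -- n
	publicExponent INTEGER -- e
}

-- Holds the complete RSA private key, including the CRT values.
RSAPrivateKey ::= SEQUENCE {
	version INTEGER (0..4294967295),
	modulus INTEGER, -- n
	publicExponent INTEGER, -- e
	privateExponent INTEGER, -- d
	prime1 INTEGER, -- p
	prime2 INTEGER, -- q
	exponent1 INTEGER, -- d mod (p-1)
	exponent2 INTEGER, -- d mod (q-1)
	coefficient INTEGER -- (inverse of q) mod p
}

DigestInfo ::= SEQUENCE {
	digestAlgorithm AlgorithmIdentifier,
	digest OCTET STRING
}

-- some ms ext

-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a

-- UNICODESTRING (0x1E tag)

-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:

-- TemplateVersion ::= INTEGER (0..4294967295)

-- CertificateTemplate ::= SEQUENCE {
-- templateID OBJECT IDENTIFIER,
-- templateMajorVersion TemplateVersion,
-- templateMinorVersion TemplateVersion OPTIONAL
-- }


--
-- CRL
--

-- The to-be-signed part of a CRL. As in TBSCertificate, the version
-- requirements on the optional fields are comments only.
TBSCRLCertList ::= SEQUENCE {
	version Version OPTIONAL, -- if present, MUST be v2
	signature AlgorithmIdentifier,
	issuer Name,
	thisUpdate Time,
	nextUpdate Time OPTIONAL,
	revokedCertificates SEQUENCE OF SEQUENCE {
		userCertificate CertificateSerialNumber,
		revocationDate Time,
		crlEntryExtensions Extensions OPTIONAL
			-- if present, MUST be v2
	} OPTIONAL,
	crlExtensions [0] EXPLICIT Extensions OPTIONAL
		-- if present, MUST be v2
}


-- Same layout as Certificate: signatureAlgorithm is outside the signed
-- data and tbsCertList.signature is inside it.
CRLCertificateList ::= SEQUENCE {
	tbsCertList TBSCRLCertList,
	signatureAlgorithm AlgorithmIdentifier,
	signatureValue BIT STRING
}

id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }

-- Value 7 is not assigned in this enumeration.
CRLReason ::= ENUMERATED {
	unspecified (0),
	keyCompromise (1),
	cACompromise (2),
	affiliationChanged (3),
	superseded (4),
	cessationOfOperation (5),
	certificateHold (6),
	removeFromCRL (8),
	privilegeWithdrawn (9),
	aACompromise (10)
}

PKIXXmppAddr ::= UTF8String

id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
	dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }

id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }

id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }

AccessDescription ::= SEQUENCE {
	accessMethod OBJECT IDENTIFIER,
	accessLocation GeneralName
}

AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription

-- RFC 3820 Proxy Certificate Profile

id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }

ProxyPolicy ::= SEQUENCE {
	policyLanguage OBJECT IDENTIFIER,
	policy OCTET STRING OPTIONAL
}

ProxyCertInfo ::= SEQUENCE {
	pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
	proxyPolicy ProxyPolicy
}

-- U.S. Federal PKI Common Policy Framework
-- Card Authentication key
id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }

-- Netscape extensions

id-netscape OBJECT IDENTIFIER ::=
	{ joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }

-- MS extensions

-- Same OID as szOID_ENROLL_CERTTYPE_EXTENSION in the "some ms ext" notes
-- above.
id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
	{ 1 3 6 1 4 1 311 20 2 }

-- Same value as id-pkix-kp-clientAuth above (id-pkix 3 2); this is a
-- second name for it, not a separate Microsoft arc.
id-ms-client-authentication OBJECT IDENTIFIER ::=
	{ 1 3 6 1 5 5 7 3 2 }

-- The bytes below are a BMPString (tag 0x1e, length 0x20) holding
-- "DomainController", the value form described for
-- szOID_ENROLL_CERTTYPE_EXTENSION above.
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72

END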