xref: /netbsd-src/crypto/external/bsd/heimdal/dist/lib/asn1/rfc2459.asn1 (revision b9d004c6cc8d38329417ae29768c81e5f2a296cf)
1-- Id --
2-- Definitions from rfc2459/rfc3280
3
4RFC2459 DEFINITIONS ::= BEGIN
5
6IMPORTS heim_any FROM heim;
7
-- Version number carried in certificates and CRLs. The encoded integer is
-- one less than the version it names: v1 = 0, v2 = 1, v3 = 2.
Version ::= INTEGER {
    rfc3280_version_1(0),
    rfc3280_version_2(1),
    rfc3280_version_3(2)
}
13
-- PKCS #1 arc (RSA keys and RSA signature algorithms).
id-pkcs-1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1
}

-- NOTE(review): the md2, md5 and sha1 signature identifiers below name
-- deprecated digests. Defining them allows legacy certificates to be parsed;
-- whether a signature made with one of them is accepted is a policy decision
-- for the verification code and is not expressed by this schema.
id-pkcs1-rsaEncryption           OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
id-pkcs1-md2WithRSAEncryption    OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption    OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption   OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }

-- Identifier outside the RSADSI arcs, written in purely numeric form.
-- Its intended use is not visible in this file.
id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
25
-- Two arcs carry the same md2/md4/md5 leaf numbers. id-pkcs-2 includes the
-- pkcs(1) component; id-rsa-digestAlgorithm does not. Code matching digest
-- identifiers has to be clear about which of the two it expects.
-- NOTE(review): MD2, MD4 and MD5 are deprecated digests; these identifiers
-- are presumably kept so that legacy data can still be recognised.
id-pkcs-2 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 2
}
id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }

id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) 2
}

id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
38
-- Symmetric cipher identifiers, again under two arcs that differ only in the
-- pkcs(1) component: id-pkcs-3 has it, id-rsadsi-encalg does not.
-- NOTE(review): RC2, RC4 and triple-DES are legacy ciphers; defining the
-- identifiers does not imply that new data should be protected with them.
id-pkcs-3 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 3
}

id-pkcs3-rc2-cbc      OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
id-pkcs3-rc4          OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }

id-rsadsi-encalg OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) 3
}

id-rsadsi-rc2-cbc      OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
51
-- OIW secsig identifiers for SHA-1 and for SHA-1 with RSA.
-- NOTE(review): SHA-1 is deprecated for signatures; acceptance is a matter
-- for the verifier's policy, not for this schema.
id-secsig-sha-1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26
}

id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 29
}
57
-- NIST algorithm arc with its AES and SHA-2 sub-arcs.
id-nistAlgorithm OBJECT IDENTIFIER ::= {
    joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4
}

id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

-- Only the CBC variants of AES are defined here. CBC is an unauthenticated
-- mode, so integrity has to come from the enclosing format or protocol.
id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }

id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }

-- Leaf numbers do not follow digest size: sha224 is 4, the others are 1 to 3.
id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
73
-- Diffie-Hellman public key identifier under the ANSI X9.42 arc (10046).
id-dhpublicnumber OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1
}
77
-- ECC

-- Elliptic curve public key type (ANSI X9.62 arc).
id-ecPublicKey OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1
}

-- Key agreement schemes under the Certicom arc.
id-ecDH OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1) ecdh(12)
}

id-ecMQV OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1) ecmqv(13)
}

-- ECDSA signature algorithms. The SHA-2 variants share the
-- ecdsa-with-SHA2(3) sub-arc; the SHA-1 variant sits directly under
-- signatures(4).
id-ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 4
}

id-ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 3
}

id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 2
}

id-ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 1
}

-- NOTE(review): SHA-1 based signatures are deprecated; whether they are
-- accepted is up to the verifier's policy.
id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1
}
109
-- some EC group ids

-- secp256r1 is registered under the ANSI X9.62 prime curve arc; the other
-- groups listed here are registered under the Certicom arc.
id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7
}

-- NOTE(review): the two 160-bit groups give roughly 80 bits of security,
-- which is below current recommendations. Having the identifier defined does
-- not mean a verifier should accept keys on these curves.
id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 8
}

id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 30
}

id-ec-group-secp224r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 33
}

id-ec-group-secp384r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 34
}

id-ec-group-secp521r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 35
}
130
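-- DSA

-- ANSI X9.57 algorithm arc, 1.2.840.10040.4. RFC 3279 defines id-dsa and
-- id-dsa-with-sha1 as leaves 1 and 3 of this arc. The organisation component
-- must be x9-57(10040); ansi-x942(10046) is the separate X9.42 arc that
-- id-dhpublicnumber lives under, and using it here would yield identifiers
-- that do not match DSA keys and signatures produced by other
-- implementations.
id-x9-57 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) x9-57(10040) x9cm(4)
}

-- NOTE(review): id-dsa-with-sha1 relies on SHA-1, which is deprecated for
-- signatures; acceptance is up to the verifier's policy.
id-dsa           OBJECT IDENTIFIER ::= { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }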
138
-- X.520 name attribute types

id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

id-at-commonName             OBJECT IDENTIFIER ::= { id-x520-at 3 }
id-at-surname                OBJECT IDENTIFIER ::= { id-x520-at 4 }
id-at-serialNumber           OBJECT IDENTIFIER ::= { id-x520-at 5 }
id-at-countryName            OBJECT IDENTIFIER ::= { id-x520-at 6 }
id-at-localityName           OBJECT IDENTIFIER ::= { id-x520-at 7 }
id-at-stateOrProvinceName    OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-streetAddress          OBJECT IDENTIFIER ::= { id-x520-at 9 }
id-at-organizationName       OBJECT IDENTIFIER ::= { id-x520-at 10 }
id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
id-at-title                  OBJECT IDENTIFIER ::= { id-x520-at 12 }
id-at-description            OBJECT IDENTIFIER ::= { id-x520-at 13 }
id-at-name                   OBJECT IDENTIFIER ::= { id-x520-at 41 }
id-at-givenName              OBJECT IDENTIFIER ::= { id-x520-at 42 }
id-at-initials               OBJECT IDENTIFIER ::= { id-x520-at 43 }
id-at-generationQualifier    OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym              OBJECT IDENTIFIER ::= { id-x520-at 65 }

-- RFC 2247
id-Userid          OBJECT IDENTIFIER ::= { 0 9 2342 19200300 100 1 1 }
id-domainComponent OBJECT IDENTIFIER ::= { 0 9 2342 19200300 100 1 25 }
164
165
-- rfc3280

-- Arc for X.509 certificate and CRL extensions.
id-x509-ce OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 29 }

-- Algorithm plus optional parameters. The parameters are carried as an
-- undecoded heim_any, so this schema places no constraint on them; code that
-- consumes an AlgorithmIdentifier has to decode and check the parameters
-- according to the algorithm OID.
AlgorithmIdentifier ::= SEQUENCE {
    algorithm  OBJECT IDENTIFIER,
    parameters heim_any OPTIONAL
}

AttributeType ::= OBJECT IDENTIFIER

-- Attribute values are likewise left undecoded.
AttributeValue ::= heim_any
178
-- String alternatives accepted inside distinguished names. ia5String is
-- accepted here in addition to the five string types that RFC 3280 lists for
-- DirectoryString.
-- NOTE(review): each alternative has its own character set and encoding, so
-- name comparison presumably needs normalisation across string types rather
-- than a comparison of raw bytes; confirm against the comparison code.
DirectoryString ::= CHOICE {
    ia5String       IA5String,
    teletexString   TeletexString,
    printableString PrintableString,
    universalString UniversalString,
    utf8String      UTF8String,
    bmpString       BMPString
}

-- General attribute: a type and a set of undecoded values.
Attribute ::= SEQUENCE {
    type  AttributeType,
    value SET OF -- AttributeValue -- heim_any
}

-- One component of a distinguished name. The value is restricted to
-- DirectoryString, so an attribute whose value is any other ASN.1 type does
-- not match this definition.
AttributeTypeAndValue ::= SEQUENCE {
    type  AttributeType,
    value DirectoryString
}

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

-- CHOICE with a single alternative.
Name ::= CHOICE {
    rdnSequence RDNSequence
}
205
-- Unconstrained INTEGER. RFC 3280 requires serial numbers to be positive and
-- at most 20 octets long; neither rule is expressed here, so any such check
-- belongs in the validation code.
CertificateSerialNumber ::= INTEGER

-- Either time encoding is accepted for any date. UTCTime carries a two-digit
-- year, so consumers have to apply the RFC 3280 interpretation rules.
Time ::= CHOICE {
    utcTime     UTCTime,
    generalTime GeneralizedTime
}

-- The schema does not require notBefore to precede notAfter.
Validity ::= SEQUENCE {
    notBefore Time,
    notAfter  Time
}

UniqueIdentifier ::= BIT STRING

-- The key bits are opaque at this level; their structure depends on
-- algorithm (for example RSAPublicKey, DSAPublicKey or ECPoint).
SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm        AlgorithmIdentifier,
    subjectPublicKey BIT STRING
}

-- critical is modelled as OPTIONAL rather than DEFAULT FALSE (see the XXX
-- below), so an absent field must be read as FALSE by the consumer.
-- extnValue is an opaque OCTET STRING that is decoded according to extnID.
-- Per RFC 3280, a certificate carrying an unrecognised extension marked
-- critical must be rejected; that rule lives in the validation code.
Extension ::= SEQUENCE {
    extnID    OBJECT IDENTIFIER,
    critical  BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
    extnValue OCTET STRING
}

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
232
-- The signed portion of a certificate.
-- version is OPTIONAL here (the standard form is EXPLICIT with a default of
-- v1, as the inline comment notes), so an absent version means v1.
-- The "version shall be" remarks on the unique identifiers and on
-- extensions are comments only: this schema accepts those fields with any
-- version, and the consistency check is left to the validation code.
TBSCertificate ::= SEQUENCE {
    version              [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID       [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                         -- If present, version shall be v2 or v3
    subjectUniqueID      [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                         -- If present, version shall be v2 or v3
    extensions           [3] EXPLICIT Extensions OPTIONAL
                         -- If present, version shall be v3
}

-- Complete certificate. The algorithm appears twice: signatureAlgorithm here
-- is outside the signed data, tbsCertificate.signature is inside it.
-- RFC 3280 requires the two to be identical; the schema cannot enforce that,
-- so the verifier has to compare them.
Certificate ::= SEQUENCE {
    tbsCertificate     TBSCertificate,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue     BIT STRING
}

Certificates ::= SEQUENCE OF Certificate
256
-- Seed and counter recorded from parameter generation.
ValidationParms ::= SEQUENCE {
    seed        BIT STRING,
    pgenCounter INTEGER
}

-- Diffie-Hellman domain parameters with p = jq + 1.
-- NOTE(review): q, j and validationParms are OPTIONAL, and the schema says
-- nothing about the size or primality of p. Parameters received from a peer
-- need to be validated by the consuming code; when q is absent, subgroup
-- membership of a peer's public value cannot be checked against it.
DomainParameters ::= SEQUENCE {
    p               INTEGER, -- odd prime, p=jq +1
    g               INTEGER, -- generator, g
    q               INTEGER OPTIONAL, -- factor of p-1
    j               INTEGER OPTIONAL, -- subgroup factor
    validationParms ValidationParms OPTIONAL -- ValidationParms
}

-- As defined by PKCS3
DHParameter ::= SEQUENCE {
    prime              INTEGER, -- odd prime, p=jq +1
    base               INTEGER, -- generator, g
    privateValueLength INTEGER OPTIONAL
}

-- Unconstrained INTEGER; range checks against the group are up to the caller.
DHPublicKey ::= INTEGER
278
-- Name form identified by an OID, with an undecoded value.
OtherName ::= SEQUENCE {
    type-id OBJECT IDENTIFIER,
    value   [0] EXPLICIT heim_any
}

-- Names used in subjectAltName, issuerAltName, name constraints and similar
-- extensions. OtherName and Name are written out inline under the implicit
-- tags [0] and [4].
-- x400Address [3] and ediPartyName [5] are commented out, so this CHOICE has
-- no alternative for those two tags.
-- NOTE(review): rfc822Name, dNSName and uniformResourceIdentifier are
-- IA5String and iPAddress is an OCTET STRING of unconstrained length.
-- Name-matching code should treat the strings as length-delimited data,
-- reject embedded NUL bytes, and check the address length; confirm that the
-- callers do so.
GeneralName ::= CHOICE {
    otherName                 [0] IMPLICIT -- OtherName -- SEQUENCE {
        type-id OBJECT IDENTIFIER,
        value   [0] EXPLICIT heim_any
    },
    rfc822Name                [1] IMPLICIT IA5String,
    dNSName                   [2] IMPLICIT IA5String,
--  x400Address               [3] IMPLICIT ORAddress, --
    directoryName             [4] IMPLICIT -- Name -- CHOICE {
        rdnSequence RDNSequence
    },
--  ediPartyName              [5] IMPLICIT EDIPartyName, --
    uniformResourceIdentifier [6] IMPLICIT IA5String,
    iPAddress                 [7] IMPLICIT OCTET STRING,
    registeredID              [8] IMPLICIT OBJECT IDENTIFIER
}

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
302
id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }

-- Named bits of the keyUsage extension. The schema only names the bits;
-- checking that a key is used in line with them (for example keyCertSign
-- before trusting a certificate as an issuer) is left to the validation
-- code.
KeyUsage ::= BIT STRING {
    digitalSignature (0),
    nonRepudiation   (1),
    keyEncipherment  (2),
    dataEncipherment (3),
    keyAgreement     (4),
    keyCertSign      (5),
    cRLSign          (6),
    encipherOnly     (7),
    decipherOnly     (8)
}
316
id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }

KeyIdentifier ::= OCTET STRING

-- Identifies the issuing key. All three fields are OPTIONAL and the
-- SIZE (1..MAX) bound on authorityCertIssuer is commented out, so an empty
-- sequence is accepted by this definition.
AuthorityKeyIdentifier ::= SEQUENCE {
    keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
    authorityCertIssuer       [1] IMPLICIT -- GeneralName --
        SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
    authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier
331
id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }

-- cA is modelled as OPTIONAL instead of DEFAULT FALSE, so an absent field
-- must be read as FALSE, meaning the subject is not a CA.
-- pathLenConstraint is bounded to the unsigned 32-bit range.
-- Enforcing cA and the path length during chain building is the job of the
-- validation code.
BasicConstraints ::= SEQUENCE {
    cA                BOOLEAN OPTIONAL -- DEFAULT FALSE --,
    pathLenConstraint INTEGER (0..4294967295) OPTIONAL
}
338
id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }

-- The (0..MAX) bound is commented out, so negative values decode.
BaseDistance ::= INTEGER -- (0..MAX) --

-- minimum is OPTIONAL with an intended default of 0 (see inline comment), so
-- an absent minimum must be read as 0 by the consumer.
GeneralSubtree ::= SEQUENCE {
    base    GeneralName,
    minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
    maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

-- The SIZE (1..MAX) bound is commented out, so an empty list is accepted.
GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

-- Both subtree lists are OPTIONAL and written inline without a size bound.
NameConstraints ::= SEQUENCE {
    permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
    excludedSubtrees  [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}
355
-- Extension identifiers for which this part of the file defines no syntax.
id-x509-ce-privateKeyUsagePeriod      OBJECT IDENTIFIER ::= { id-x509-ce 16 }
id-x509-ce-certificatePolicies        OBJECT IDENTIFIER ::= { id-x509-ce 32 }
id-x509-ce-policyMappings             OBJECT IDENTIFIER ::= { id-x509-ce 33 }
id-x509-ce-subjectAltName             OBJECT IDENTIFIER ::= { id-x509-ce 17 }
id-x509-ce-issuerAltName              OBJECT IDENTIFIER ::= { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
id-x509-ce-policyConstraints          OBJECT IDENTIFIER ::= { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37 }

-- List of key purpose identifiers. No size bound is given, so an empty list
-- is accepted by this definition.
ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

-- CRL related extension identifiers.
id-x509-ce-cRLDistributionPoints    OBJECT IDENTIFIER ::= { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator        OBJECT IDENTIFIER ::= { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
id-x509-ce-holdInstructionCode      OBJECT IDENTIFIER ::= { id-x509-ce 23 }
id-x509-ce-invalidityDate           OBJECT IDENTIFIER ::= { id-x509-ce 24 }
id-x509-ce-certificateIssuer        OBJECT IDENTIFIER ::= { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy         OBJECT IDENTIFIER ::= { id-x509-ce 54 }
375
-- Named bits for the reasons field of a distribution point.
DistributionPointReasonFlags ::= BIT STRING {
    unused               (0),
    keyCompromise        (1),
    cACompromise         (2),
    affiliationChanged   (3),
    superseded           (4),
    cessationOfOperation (5),
    certificateHold      (6),
    privilegeWithdrawn   (7),
    aACompromise         (8)
}

DistributionPointName ::= CHOICE {
    fullName                [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
    nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}

-- All three fields are carried as undecoded heim_any; the intended types
-- appear only in the inline comments. Decoding this structure therefore does
-- not validate the contents, and a caller has to decode each field
-- separately before using it.
DistributionPoint ::= SEQUENCE {
    distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
    reasons           [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
    cRLIssuer         [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
400
401
-- rfc3279

-- DSA signature. r and s are unconstrained INTEGERs; the range check
-- against q is not expressible here and is left to the verification code.
DSASigValue ::= SEQUENCE {
    r INTEGER,
    s INTEGER
}

DSAPublicKey ::= INTEGER

-- DSA domain parameters. Sizes and primality are not constrained by the
-- schema.
DSAParams ::= SEQUENCE {
    p INTEGER,
    q INTEGER,
    g INTEGER
}
416
-- draft-ietf-pkix-ecc-subpubkeyinfo-11

-- Encoded curve point. Point validation (format, on-curve check) is not
-- part of the schema.
ECPoint ::= OCTET STRING

-- Only named curves are modelled. The implicitCurve and specifiedCurve
-- alternatives are commented out, so explicitly specified curve parameters
-- do not match this CHOICE.
ECParameters ::= CHOICE {
    namedCurve OBJECT IDENTIFIER
    -- implicitCurve   NULL
    -- specifiedCurve  SpecifiedECDomain
}

-- ECDSA signature. As with DSA, range checks on r and s are left to the
-- verification code.
ECDSA-Sig-Value ::= SEQUENCE {
    r INTEGER,
    s INTEGER
}
431
-- really pkcs1

-- Modulus size and exponent value are not constrained by the schema.
RSAPublicKey ::= SEQUENCE {
    modulus        INTEGER, -- n
    publicExponent INTEGER  -- e
}

-- RSA private key with CRT components. Every field from privateExponent
-- onward is secret key material, so a decoded value and the buffers it was
-- read from should be handled as secrets.
RSAPrivateKey ::= SEQUENCE {
    version         INTEGER (0..4294967295),
    modulus         INTEGER, -- n
    publicExponent  INTEGER, -- e
    privateExponent INTEGER, -- d
    prime1          INTEGER, -- p
    prime2          INTEGER, -- q
    exponent1       INTEGER, -- d mod (p-1)
    exponent2       INTEGER, -- d mod (q-1)
    coefficient     INTEGER  -- (inverse of q) mod p
}

-- Digest algorithm plus digest value.
-- NOTE(review): digestAlgorithm.parameters is an optional undecoded value,
-- so more than one encoding of the same algorithm decodes successfully.
-- Signature verification code should confirm that the algorithm is the
-- expected one and that no data trails the decoded structure.
DigestInfo ::= SEQUENCE {
    digestAlgorithm AlgorithmIdentifier,
    digest          OCTET STRING
}
455
456-- some ms ext
457
458-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
459
460-- UNICODESTRING (0x1E tag)
461
462-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
463
464-- TemplateVersion ::= INTEGER (0..4294967295)
465
466-- CertificateTemplate ::= SEQUENCE {
467--	templateID OBJECT IDENTIFIER,
468--	templateMajorVersion TemplateVersion,
469--	templateMinorVersion TemplateVersion OPTIONAL
470-- }
471
472
--
-- CRL
--

-- The signed portion of a CRL. version is an untagged OPTIONAL field.
-- The "MUST be v2" remarks are comments only: the schema accepts entry and
-- CRL extensions whatever the version is, so that consistency check is left
-- to the validation code.
TBSCRLCertList ::= SEQUENCE {
    version             Version OPTIONAL, -- if present, MUST be v2
    signature           AlgorithmIdentifier,
    issuer              Name,
    thisUpdate          Time,
    nextUpdate          Time OPTIONAL,
    revokedCertificates SEQUENCE OF SEQUENCE {
        userCertificate    CertificateSerialNumber,
        revocationDate     Time,
        crlEntryExtensions Extensions OPTIONAL
                           -- if present, MUST be v2
    } OPTIONAL,
    crlExtensions       [0] EXPLICIT Extensions OPTIONAL
                           -- if present, MUST be v2
}

-- Complete CRL. signatureAlgorithm is outside the signed data and
-- tbsCertList.signature is inside it; the verifier has to check that the
-- two agree.
CRLCertificateList ::= SEQUENCE {
    tbsCertList        TBSCRLCertList,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue     BIT STRING
}
499
id-x509-ce-cRLNumber   OBJECT IDENTIFIER ::= { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
id-x509-ce-cRLReason   OBJECT IDENTIFIER ::= { id-x509-ce 21 }

-- Revocation reason codes. Value 7 is not assigned: the list goes from
-- certificateHold (6) straight to removeFromCRL (8).
CRLReason ::= ENUMERATED {
    unspecified          (0),
    keyCompromise        (1),
    cACompromise         (2),
    affiliationChanged   (3),
    superseded           (4),
    cessationOfOperation (5),
    certificateHold      (6),
    removeFromCRL        (8),
    privilegeWithdrawn   (9),
    aACompromise         (10)
}
516
-- Value type of the xmppAddr other-name form.
PKIXXmppAddr ::= UTF8String

id-pkix OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) dod(6) internet(1) security(5)
    mechanisms(5) pkix(7)
}

-- Other-name forms.
id-pkix-on          OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
id-pkix-on-dnsSRV   OBJECT IDENTIFIER ::= { id-pkix-on 7 }

-- Extended key usage purposes.
id-pkix-kp                 OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth      OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth      OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping    OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning     OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
532
-- PKIX private extensions.
id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }

-- One access method together with the location where it can be reached.
-- NOTE(review): accessLocation is taken from the certificate being
-- examined. Code that fetches issuer certificates or OCSP responses from it
-- should treat the location as untrusted input.
AccessDescription ::= SEQUENCE {
    accessMethod   OBJECT IDENTIFIER,
    accessLocation GeneralName
}

AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
543
-- RFC 3820 Proxy Certificate Profile

id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

-- Proxy policy languages.
id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll  OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }

-- policy is an opaque OCTET STRING whose meaning depends on policyLanguage.
ProxyPolicy ::= SEQUENCE {
    policyLanguage OBJECT IDENTIFIER,
    policy         OCTET STRING OPTIONAL
}

-- The path length is bounded to the unsigned 32-bit range here; the inline
-- comment records that the specification's bound is MAX.
ProxyCertInfo ::= SEQUENCE {
    pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
    proxyPolicy         ProxyPolicy
}
563
-- U.S. Federal PKI Common Policy Framework
-- Card Authentication key
id-uspkicommon-card-id     OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
568
-- Netscape extensions

id-netscape OBJECT IDENTIFIER ::= {
    joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)
}
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
574
-- MS extensions

-- Same numeric value as the szOID_ENROLL_CERTTYPE_EXTENSION identifier
-- quoted in the comments earlier in this file.
id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= {
    1 3 6 1 4 1 311 20 2
}

-- Numerically identical to id-pkix-kp-clientAuth (id-pkix 3 2): this is a
-- second name for the same object identifier, not a distinct key purpose.
id-ms-client-authentication OBJECT IDENTIFIER ::= {
    1 3 6 1 5 5 7 3 2
}

-- The bytes below are a BMPString (tag 0x1e, length 0x20) spelling
-- DomainController.
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
584
585END
586