source: vendor/current/source4/heimdal/lib/asn1/rfc2459.asn1@ 740

Last change on this file since 740 was 740, checked in by Silvan Scherrer, 12 years ago

Samba Server: update vendor to 3.6.0

1-- $Id$ --
2-- Definitions from rfc2459/rfc3280
3
4RFC2459 DEFINITIONS ::= BEGIN
5
6IMPORTS heim_any FROM heim;
7
8Version ::= INTEGER {
9 rfc3280_version_1(0),
10 rfc3280_version_2(1),
11 rfc3280_version_3(2)
12}
13
-- PKCS #1 arc (1.2.840.113549.1.1): the RSA key type plus the RSA signature
-- algorithm identifiers. The md2, md5 and sha1 variants name legacy hashes.
-- This module only assigns the identifiers; whether a signature made with
-- one of them is accepted is a decision for the verifying code, not this file.
14id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
23
24id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
25
-- Digest identifiers for MD2, MD4 and MD5, assigned twice: once under
-- id-pkcs-2 (1.2.840.113549.1.2) and once under id-rsa-digestAlgorithm
-- (1.2.840.113549.2). The second arc is the one where md5 is commonly
-- registered as 1.2.840.113549.2.5. Code that allow-lists or deny-lists
-- digests by OID has to cover both spellings. None of these three hashes is
-- collision resistant, so they are useful for reading old data only.
26id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
31
32id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
34
35id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
38
-- Symmetric cipher identifiers (RC2-CBC, RC4, triple-DES CBC), again under
-- two arcs: id-pkcs-3 (1.2.840.113549.1.3) and id-rsadsi-encalg
-- (1.2.840.113549.3).
-- NOTE(review): 1.2.840.113549.1.3 is the PKCS #3 (Diffie-Hellman) arc; the
-- commonly registered values for these ciphers are the id-rsadsi-encalg ones.
-- Confirm which set the callers actually match on.
-- RC2 and RC4 are legacy ciphers; naming them here does not imply that a
-- consumer should negotiate or accept them.
39id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
41
42id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
45
46id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47 rsadsi(113549) 3 }
48
49id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
51
52id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
54
55id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
56 oiw(14) secsig(3) algorithm(2) 29 }
57
58id-nistAlgorithm OBJECT IDENTIFIER ::= {
59 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
60
61id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
62
63id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
64id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
65id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
66
67id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
68
69id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
70id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
71id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
72id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
73
74id-dhpublicnumber OBJECT IDENTIFIER ::= {
75 iso(1) member-body(2) us(840) ansi-x942(10046)
76 number-type(2) 1 }
77
78-- ECC
79
-- Elliptic-curve identifiers: the EC public key type, the ECDH and ECMQV
-- schemes, two ECDSA signature algorithms and three named curves.
-- ECParameters later in this module only admits namedCurve, so these curve
-- OIDs are the complete set of groups this file names.
-- secp160r1 and secp160r2 are 160-bit curves (roughly 80-bit strength) and
-- id-ecdsa-with-SHA1 relies on SHA-1. A verifier that wants a modern
-- security level has to reject them in its own policy checks.
80id-ecPublicKey OBJECT IDENTIFIER ::= {
81 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
82
83id-ecDH OBJECT IDENTIFIER ::= {
84 iso(1) identified-organization(3) certicom(132) schemes(1)
85 ecdh(12) }
86
87id-ecMQV OBJECT IDENTIFIER ::= {
88 iso(1) identified-organization(3) certicom(132) schemes(1)
89 ecmqv(13) }
90
91id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
92 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
93 ecdsa-with-SHA2(3) 2 }
94
95id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
96 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
97
98-- some EC group ids
99
100id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
101 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
102 prime(1) 7 }
103
104id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
105 iso(1) identified-organization(3) certicom(132) 0 8 }
106
107id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
108 iso(1) identified-organization(3) certicom(132) 0 30 }
109
110-- DSA
111
-- DSA key type and DSA-with-SHA1 signature identifiers.
-- NOTE(review): RFC 3279 registers id-dsa and id-dsa-with-sha1 under
-- x9-57(10040) x9cm(4), that is 1.2.840.10040.4.1 and 1.2.840.10040.4.3.
-- The arc below is written with ansi-x942(10046), the same number that
-- id-dhpublicnumber uses, which yields 1.2.840.10046.4.x. Confirm against
-- the RFC. If this is a typo, DSA keys and signatures produced by other
-- implementations will not match these identifiers.
112id-x9-57 OBJECT IDENTIFIER ::= {
113 iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
114
115id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
116id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
117
118-- x.520 names types
119
120id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
121
122id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
123id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
124id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
125id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
126id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
127id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
128id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
129id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
130id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
131id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
132id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
133id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
134id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
135id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
136-- RFC 2247
137id-Userid OBJECT IDENTIFIER ::=
138 { 0 9 2342 19200300 100 1 1 }
139id-domainComponent OBJECT IDENTIFIER ::=
140 { 0 9 2342 19200300 100 1 25 }
141
142
143-- rfc3280
144
145id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
146
-- An algorithm OID with optional parameters. The parameters are typed as
-- heim_any (imported from heim), so this grammar places no structure on them;
-- presumably they reach the caller as undecoded bytes (confirm in heim).
-- Code that consumes an AlgorithmIdentifier has to check the parameters
-- against what the named algorithm permits (absent, NULL, curve OID, ...).
147AlgorithmIdentifier ::= SEQUENCE {
148 algorithm OBJECT IDENTIFIER,
149 parameters heim_any OPTIONAL
150}
151
152AttributeType ::= OBJECT IDENTIFIER
153
154AttributeValue ::= heim_any
155
-- String forms an attribute value inside a distinguished name may take.
-- ia5String is listed here in addition to the five RFC 3280 DirectoryString
-- alternatives; presumably this lets AttributeTypeAndValue carry IA5String
-- attributes such as domainComponent (confirm).
-- The same visible name can arrive in several encodings, so name comparison
-- needs normalisation in the calling code; the grammar does none.
156DirectoryString ::= CHOICE {
157 ia5String IA5String,
158 teletexString TeletexString,
159 printableString PrintableString,
160 universalString UniversalString,
161 utf8String UTF8String,
162 bmpString BMPString
163}
164
-- Generic attribute: values stay heim_any and are not interpreted here.
165Attribute ::= SEQUENCE {
166 type AttributeType,
167 value SET OF -- AttributeValue -- heim_any
168}
169
-- Attribute as used in an RDN: the value is restricted to DirectoryString
-- instead of the open AttributeValue type defined above.
170AttributeTypeAndValue ::= SEQUENCE {
171 type AttributeType,
172 value DirectoryString
173}
174
175RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
176
177RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
178
179Name ::= CHOICE {
180 rdnSequence RDNSequence
181}
182
183CertificateSerialNumber ::= INTEGER
184
185Time ::= CHOICE {
186 utcTime UTCTime,
187 generalTime GeneralizedTime
188}
189
190Validity ::= SEQUENCE {
191 notBefore Time,
192 notAfter Time
193}
194
195UniqueIdentifier ::= BIT STRING
196
197SubjectPublicKeyInfo ::= SEQUENCE {
198 algorithm AlgorithmIdentifier,
199 subjectPublicKey BIT STRING
200}
201
-- One certificate or CRL extension.
-- critical is declared OPTIONAL instead of DEFAULT FALSE (see the XXX), so
-- an absent field has to be read as FALSE by whoever consumes the structure.
-- extnValue is an opaque OCTET STRING; its inner structure is decoded
-- separately according to extnID.
-- RFC 3280 section 4.2 requires rejecting a certificate that carries a
-- critical extension the verifier does not recognise. Nothing in this
-- grammar performs that check; it belongs to the path validation code.
202Extension ::= SEQUENCE {
203 extnID OBJECT IDENTIFIER,
204 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
205 extnValue OCTET STRING
206}
207
-- SIZE (1..MAX): an extensions field, when present, holds at least one entry.
208Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
209
-- The to-be-signed body of a certificate.
-- version is OPTIONAL here instead of DEFAULT v1, so an absent version means
-- v1 (rfc3280_version_1, value 0).
-- The version rules noted on the fields below ("If present, version shall
-- be ...") are comments only. The grammar does not tie the unique IDs or
-- extensions to the version value, so that check is left to calling code.
210TBSCertificate ::= SEQUENCE {
211 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
212 serialNumber CertificateSerialNumber,
213 signature AlgorithmIdentifier,
214 issuer Name,
215 validity Validity,
216 subject Name,
217 subjectPublicKeyInfo SubjectPublicKeyInfo,
218 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
219 -- If present, version shall be v2 or v3
220 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
221 -- If present, version shall be v2 or v3
222 extensions [3] EXPLICIT Extensions OPTIONAL
223 -- If present, version shall be v3
224}
225
-- A signed certificate. signatureAlgorithm sits outside the signed body,
-- while tbsCertificate.signature is covered by the signature. RFC 3280
-- section 4.1.1.2 requires the two to be identical; they are independent
-- fields in this grammar, so the verifier has to compare them itself.
226Certificate ::= SEQUENCE {
227 tbsCertificate TBSCertificate,
228 signatureAlgorithm AlgorithmIdentifier,
229 signatureValue BIT STRING
230}
231
232Certificates ::= SEQUENCE OF Certificate
233
234ValidationParms ::= SEQUENCE {
235 seed BIT STRING,
236 pgenCounter INTEGER
237}
238
239DomainParameters ::= SEQUENCE {
240 p INTEGER, -- odd prime, p=jq +1
241 g INTEGER, -- generator, g
242 q INTEGER, -- factor of p-1
243 j INTEGER OPTIONAL, -- subgroup factor
244 validationParms ValidationParms OPTIONAL -- ValidationParms
245}
246
247-- As defined by PKCS3
248DHParameter ::= SEQUENCE {
249 prime INTEGER, -- odd prime, p=jq +1
250 base INTEGER, -- generator, g
251 privateValueLength INTEGER OPTIONAL
252}
253
254DHPublicKey ::= INTEGER
255
-- otherName payload: a type OID plus a value kept as heim_any, so the value
-- is only meaningful once the caller has matched type-id and decoded it.
256OtherName ::= SEQUENCE {
257 type-id OBJECT IDENTIFIER,
258 value [0] EXPLICIT heim_any
259}
260
-- The name forms used in subjectAltName, issuerAltName, name constraints,
-- CRL distribution points and authority info access.
-- x400Address [3] and ediPartyName [5] are commented out, so those two
-- alternatives are not part of this CHOICE.
-- rfc822Name, dNSName and uniformResourceIdentifier are plain IA5String
-- with no further constraint. IA5String admits control characters including
-- NUL, so host name and address matching code must validate the content
-- and compare the full length rather than a C string prefix.
-- iPAddress is an OCTET STRING with no size constraint. RFC 3280 expects
-- 4 or 16 octets in a subjectAltName and 8 or 32 in a name constraint;
-- other lengths have to be rejected by the caller.
261GeneralName ::= CHOICE {
262 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
263 type-id OBJECT IDENTIFIER,
264 value [0] EXPLICIT heim_any
265 },
266 rfc822Name [1] IMPLICIT IA5String,
267 dNSName [2] IMPLICIT IA5String,
268-- x400Address [3] IMPLICIT ORAddress,--
269 directoryName [4] IMPLICIT -- Name -- CHOICE {
270 rdnSequence RDNSequence
271 },
272-- ediPartyName [5] IMPLICIT EDIPartyName, --
273 uniformResourceIdentifier [6] IMPLICIT IA5String,
274 iPAddress [7] IMPLICIT OCTET STRING,
275 registeredID [8] IMPLICIT OBJECT IDENTIFIER
276}
277
278GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
279
280id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
281
-- Named bits of the keyUsage extension (id-x509-ce 15).
-- keyCertSign (5) and cRLSign (6) are the bits that authorise a key to sign
-- certificates and CRLs. A path validator should require them on issuer
-- certificates that carry this extension; the grammar only names the bits.
282KeyUsage ::= BIT STRING {
283 digitalSignature (0),
284 nonRepudiation (1),
285 keyEncipherment (2),
286 dataEncipherment (3),
287 keyAgreement (4),
288 keyCertSign (5),
289 cRLSign (6),
290 encipherOnly (7),
291 decipherOnly (8)
292}
293
294id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
295
296KeyIdentifier ::= OCTET STRING
297
298AuthorityKeyIdentifier ::= SEQUENCE {
299 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
300 authorityCertIssuer [1] IMPLICIT -- GeneralName --
301 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
302 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
303}
304
305id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
306
307SubjectKeyIdentifier ::= KeyIdentifier
308
309id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
310
-- basicConstraints extension (id-x509-ce 19).
-- cA is declared OPTIONAL instead of DEFAULT FALSE, so an absent cA must be
-- read as FALSE: the certificate is not a CA. Treating "absent" as anything
-- else would let an end-entity certificate act as an issuer.
-- pathLenConstraint is bounded to 0..4294967295 here instead of 0..MAX.
311BasicConstraints ::= SEQUENCE {
312 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
313 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
314}
315
316id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
317
-- nameConstraints extension (id-x509-ce 30).
-- Several constraints from the RFC text are commented out in this grammar:
-- BaseDistance has no (0..MAX) range, minimum has no DEFAULT 0, and
-- GeneralSubtrees has no SIZE (1..MAX). Negative distances and empty subtree
-- lists are therefore not excluded by the grammar itself.
-- RFC 3280 section 4.2.1.11 requires minimum to be zero and maximum to be
-- absent; those checks, and the subtree matching, belong to the validator.
318BaseDistance ::= INTEGER -- (0..MAX) --
319
320GeneralSubtree ::= SEQUENCE {
321 base GeneralName,
322 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
323 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
324}
325
326GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
327
328NameConstraints ::= SEQUENCE {
329 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
330 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
331}
332
333id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
334id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
335id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
336id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
337id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
338id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
339id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
340
341id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
342
343ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
344
345id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
346id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
347id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
348id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
349id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
350id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
351id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
352
-- Reason bits used inside a CRL distribution point. Bit 0 is unused.
353DistributionPointReasonFlags ::= BIT STRING {
354 unused (0),
355 keyCompromise (1),
356 cACompromise (2),
357 affiliationChanged (3),
358 superseded (4),
359 cessationOfOperation (5),
360 certificateHold (6),
361 privilegeWithdrawn (7),
362 aACompromise (8)
363}
364
365DistributionPointName ::= CHOICE {
366 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
367 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
368}
369
-- All three fields are typed heim_any, with the intended type given only in
-- a comment. The inner DistributionPointName, reason flags and GeneralNames
-- are therefore not decoded or checked as part of this structure; code that
-- follows a distribution point has to decode and validate them itself
-- before using any location taken from the certificate.
370DistributionPoint ::= SEQUENCE {
371 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
372 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
373 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
374}
375
376CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
377
378
379-- rfc3279
380
381DSASigValue ::= SEQUENCE {
382 r INTEGER,
383 s INTEGER
384}
385
386DSAPublicKey ::= INTEGER
387
388DSAParams ::= SEQUENCE {
389 p INTEGER,
390 q INTEGER,
391 g INTEGER
392}
393
394-- draft-ietf-pkix-ecc-subpubkeyinfo-11
395
396ECPoint ::= OCTET STRING
397
398ECParameters ::= CHOICE {
399 namedCurve OBJECT IDENTIFIER
400 -- implicitCurve NULL
401 -- specifiedCurve SpecifiedECDomain
402}
403
404ECDSA-Sig-Value ::= SEQUENCE {
405 r INTEGER,
406 s INTEGER
407}
408
409-- really pkcs1
410
-- RSA public key: modulus n and public exponent e. Both are unbounded
-- INTEGERs, so key size and exponent sanity are checked by the caller.
411RSAPublicKey ::= SEQUENCE {
412 modulus INTEGER, -- n
413 publicExponent INTEGER -- e
414}
415
-- RSA private key in the two-prime form with CRT values. Every field after
-- publicExponent is secret material.
416RSAPrivateKey ::= SEQUENCE {
417 version INTEGER (0..4294967295),
418 modulus INTEGER, -- n
419 publicExponent INTEGER, -- e
420 privateExponent INTEGER, -- d
421 prime1 INTEGER, -- p
422 prime2 INTEGER, -- q
423 exponent1 INTEGER, -- d mod (p-1)
424 exponent2 INTEGER, -- d mod (q-1)
425 coefficient INTEGER -- (inverse of q) mod p
426}
427
-- Digest algorithm plus digest value, as embedded in a PKCS #1 v1.5
-- signature. digestAlgorithm comes from the signed blob, so a verifier
-- should compare it with the algorithm it expects instead of trusting it,
-- and should check that the digest length fits that algorithm.
428DigestInfo ::= SEQUENCE {
429 digestAlgorithm AlgorithmIdentifier,
430 digest OCTET STRING
431}
432
433-- some ms ext
434
435-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
436
437-- UNICODESTRING (0x1E tag)
438
439-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
440
441-- TemplateVersion ::= INTEGER (0..4294967295)
442
443-- CertificateTemplate ::= SEQUENCE {
444-- templateID OBJECT IDENTIFIER,
445-- templateMajorVersion TemplateVersion,
446-- templateMinorVersion TemplateVersion OPTIONAL
447-- }
448
449
450--
451-- CRL
452--
453
-- The to-be-signed body of a CRL.
-- The "if present, MUST be v2" remarks are comments only: the grammar does
-- not link version to the presence of crlEntryExtensions or crlExtensions.
-- nextUpdate is OPTIONAL, so a CRL without an expiry time decodes; whether
-- such a CRL is acceptable, and how stale a CRL may be, is caller policy.
454TBSCRLCertList ::= SEQUENCE {
455 version Version OPTIONAL, -- if present, MUST be v2
456 signature AlgorithmIdentifier,
457 issuer Name,
458 thisUpdate Time,
459 nextUpdate Time OPTIONAL,
460 revokedCertificates SEQUENCE OF SEQUENCE {
461 userCertificate CertificateSerialNumber,
462 revocationDate Time,
463 crlEntryExtensions Extensions OPTIONAL
464 -- if present, MUST be v2
465 } OPTIONAL,
466 crlExtensions [0] EXPLICIT Extensions OPTIONAL
467 -- if present, MUST be v2
468}
469
470
-- A signed CRL. As with Certificate, signatureAlgorithm is outside the
-- signed body and must be compared with tbsCertList.signature by the
-- verifier (RFC 3280 section 5.1.1.2).
471CRLCertificateList ::= SEQUENCE {
472 tbsCertList TBSCRLCertList,
473 signatureAlgorithm AlgorithmIdentifier,
474 signatureValue BIT STRING
475}
476
477id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
478id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
479id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
480
-- Reason codes for the cRLReason entry extension (id-x509-ce 21).
-- Value 7 is not assigned, which is why the list jumps from 6 to 8.
-- These numbers differ from the bit positions in
-- DistributionPointReasonFlags (for example privilegeWithdrawn is 9 here
-- and bit 7 there), so the two must not be converted by value.
481CRLReason ::= ENUMERATED {
482 unspecified (0),
483 keyCompromise (1),
484 cACompromise (2),
485 affiliationChanged (3),
486 superseded (4),
487 cessationOfOperation (5),
488 certificateHold (6),
489 removeFromCRL (8),
490 privilegeWithdrawn (9),
491 aACompromise (10)
492}
493
494PKIXXmppAddr ::= UTF8String
495
496id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
497 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
498
499id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
500id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
501id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
502
503id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
504id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
505id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
506id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
507id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
508id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
509
510id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
511
512id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
513
514AccessDescription ::= SEQUENCE {
515 accessMethod OBJECT IDENTIFIER,
516 accessLocation GeneralName
517}
518
519AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
520
521-- RFC 3820 Proxy Certificate Profile
522
-- RFC 3820 proxy certificates: the proxyCertInfo extension OID and the
-- three predefined policy languages. Per RFC 3820, inheritAll gives the
-- proxy all rights of its issuer and independent gives it none of them;
-- any other policyLanguage is interpreted through the policy field.
523id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
524
525id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
526
527id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
528id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
529id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
530
-- policy is an opaque OCTET STRING whose meaning depends on policyLanguage.
-- A relying party that does not understand the language cannot evaluate the
-- restriction and should not treat the proxy as unrestricted.
531ProxyPolicy ::= SEQUENCE {
532 policyLanguage OBJECT IDENTIFIER,
533 policy OCTET STRING OPTIONAL
534}
535
-- pCPathLenConstraint limits how many further proxy certificates may follow
-- in the chain; it is bounded to 0..4294967295 here ("really MAX").
536ProxyCertInfo ::= SEQUENCE {
537 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
538 proxyPolicy ProxyPolicy
539}
540
541--- U.S. Federal PKI Common Policy Framework
542-- Card Authentication key
543id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
544id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
545
546--- Netscape extensions
547
548id-netscape OBJECT IDENTIFIER ::=
549 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
550id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
551
552--- MS extensions
553
-- 1.3.6.1.4.1.311.20.2 is the value the "some ms ext" comment earlier in
-- this file calls szOID_ENROLL_CERTTYPE_EXTENSION. It identifies the
-- certificate type extension in general; the name used here reflects one
-- particular value of that extension.
554id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
555 { 1 3 6 1 4 1 311 20 2 }
556
-- 1.3.6.1.5.5.7.3.2 is the same value as id-pkix-kp-clientAuth defined
-- earlier in this file, so the two names are aliases for one EKU.
557id-ms-client-authentication OBJECT IDENTIFIER ::=
558 { 1 3 6 1 5 5 7 3 2 }
559
-- The bytes below are a BMPString (tag 0x1e, length 0x20) that spells
-- "DomainController" in UCS-2, i.e. the extension value that goes with
-- the certificate type OID above.
560-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
561
562END