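-- $Id$ --
-- Definitions from rfc2459/rfc3280
--
-- ASN.1 module RFC2459: X.509 certificate, CRL and key structures, plus
-- the algorithm, attribute and extension OBJECT IDENTIFIERs they use.
-- The module header declares no tag default, so every tag is EXPLICIT
-- unless IMPLICIT is written out on the field.
-- Fields typed heim_any are carried undecoded; the caller must decode
-- and validate them.

RFC2459 DEFINITIONS ::= BEGIN

IMPORTS heim_any FROM heim;

-- Certificate/CRL version; the encoded value is one less than the
-- version number (v3 is encoded as 2).
Version ::=  INTEGER {
        rfc3280_version_1(0),
        rfc3280_version_2(1),
        rfc3280_version_3(2)
}

-- PKCS#1 RSA key and signature algorithms.
-- The md2/md5/sha1 signature OIDs only name the algorithm so that such
-- certificates can be parsed; whether a signature made with them is
-- accepted is a policy decision for the verifying code.
id-pkcs-1 OBJECT IDENTIFIER ::=         { iso(1) member-body(2) us(840)
                                          rsadsi(113549) pkcs(1) 1 }
id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=            { id-pkcs-1 1 }
id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=     { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=     { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=    { id-pkcs-1 5 }
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 13 }

-- Private arc (1.2.752.43.16.1); its meaning is not defined in this module.
id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::=    { 1 2 752 43 16 1 }

-- NOTE(review): the id-pkcs2-* values sit under pkcs(1) 2, i.e.
-- 1.2.840.113549.1.2.x, whereas the id-rsa-digest-* values further down
-- use 1.2.840.113549.2.x. Confirm which set callers match against
-- before relying on either.
id-pkcs-2 OBJECT IDENTIFIER ::=         { iso(1) member-body(2) us(840)
                                          rsadsi(113549) pkcs(1) 2 }
id-pkcs2-md2 OBJECT IDENTIFIER ::=      { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::=      { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::=      { id-pkcs-2 5 }

id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }

id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }

-- NOTE(review): same pattern as id-pkcs-2 above; these resolve to
-- 1.2.840.113549.1.3.x while the id-rsadsi-* cipher OIDs below resolve
-- to 1.2.840.113549.3.x. Confirm which set is expected on the wire.
id-pkcs-3 OBJECT IDENTIFIER ::=         { iso(1) member-body(2) us(840)
                                          rsadsi(113549) pkcs(1) 3 }

id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=          { id-pkcs-3 2 }
id-pkcs3-rc4 OBJECT IDENTIFIER ::=              { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=     { id-pkcs-3 7 }

id-rsadsi-encalg OBJECT IDENTIFIER ::=  { iso(1) member-body(2) us(840)
                                          rsadsi(113549) 3 }

id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=         { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=    { id-rsadsi-encalg 7 }

id-secsig-sha-1 OBJECT IDENTIFIER ::=   { iso(1) identified-organization(3)
                                          oiw(14) secsig(3) algorithm(2) 26 }

id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::=  { iso(1) identified-organization(3)
                                          oiw(14) secsig(3) algorithm(2) 29 }

id-nistAlgorithm OBJECT IDENTIFIER ::= {
   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }

id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

id-aes-128-cbc OBJECT IDENTIFIER ::=    { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::=    { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::=    { id-nist-aes-algs 42 }

id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }

-- The final arcs are not in digest-size order: sha224 is 4.
id-sha256 OBJECT IDENTIFIER ::=         { id-nist-sha-algs 1 }
id-sha224 OBJECT IDENTIFIER ::=         { id-nist-sha-algs 4 }
id-sha384 OBJECT IDENTIFIER ::=         { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::=         { id-nist-sha-algs 3 }

id-dhpublicnumber OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-x942(10046)
        number-type(2) 1 }

-- ECC

id-ecPublicKey OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }

id-ecDH OBJECT IDENTIFIER ::= {
        iso(1) identified-organization(3) certicom(132) schemes(1)
        ecdh(12) }

id-ecMQV OBJECT IDENTIFIER ::= {
        iso(1) identified-organization(3) certicom(132) schemes(1)
        ecmqv(13) }

id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
        ecdsa-with-SHA2(3) 2 }

id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }

-- some EC group ids

id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
        prime(1) 7 }

id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
        iso(1) identified-organization(3) certicom(132) 0 8 }

id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
        iso(1) identified-organization(3) certicom(132) 0 30 }

-- DSA

-- RFC 3279 places id-dsa and id-dsa-with-sha1 under x9-57(10040).
-- The arc was previously written as ansi-x942(10046), which is the
-- X9.42 Diffie-Hellman arc used by id-dhpublicnumber above; with that
-- value DSA keys and signatures carrying the RFC 3279 OIDs would not
-- match id-dsa or id-dsa-with-sha1.
id-x9-57 OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) }

id-dsa OBJECT IDENTIFIER ::=            { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { id-x9-57 3 }

-- x.520 names types

id-x520-at OBJECT IDENTIFIER ::=        { joint-iso-ccitt(2) ds(5) 4 }

id-at-commonName OBJECT IDENTIFIER ::=          { id-x520-at 3 }
id-at-surname OBJECT IDENTIFIER ::=             { id-x520-at 4 }
id-at-serialNumber OBJECT IDENTIFIER ::=        { id-x520-at 5 }
id-at-countryName OBJECT IDENTIFIER ::=         { id-x520-at 6 }
id-at-localityName OBJECT IDENTIFIER ::=        { id-x520-at 7 }
id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-streetAddress OBJECT IDENTIFIER ::=       { id-x520-at 9 }
id-at-organizationName OBJECT IDENTIFIER ::=    { id-x520-at 10 }
id-at-organizationalUnitName OBJECT IDENTIFIER ::=      { id-x520-at 11 }
id-at-title OBJECT IDENTIFIER ::=               { id-x520-at 12 }
id-at-description OBJECT IDENTIFIER ::=         { id-x520-at 13 }
id-at-name OBJECT IDENTIFIER ::=                { id-x520-at 41 }
id-at-givenName OBJECT IDENTIFIER ::=           { id-x520-at 42 }
id-at-initials OBJECT IDENTIFIER ::=            { id-x520-at 43 }
id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym OBJECT IDENTIFIER ::=           { id-x520-at 65 }
-- RFC 2247
id-Userid OBJECT IDENTIFIER ::=
        { 0 9 2342 19200300 100 1 1 }
id-domainComponent OBJECT IDENTIFIER ::=
        { 0 9 2342 19200300 100 1 25 }


-- rfc3280

id-x509-ce OBJECT IDENTIFIER ::=  {joint-iso-ccitt(2) ds(5) 29}

-- Algorithm OID plus optional, undecoded parameters.
AlgorithmIdentifier ::= SEQUENCE {
        algorithm       OBJECT IDENTIFIER,
        parameters      heim_any OPTIONAL
}

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= heim_any

-- String forms accepted for name attribute values. Five different
-- character encodings can carry the same text, so name comparison code
-- has to normalise before comparing.
DirectoryString ::= CHOICE {
        ia5String       IA5String,
        teletexString   TeletexString,
        printableString PrintableString,
        universalString UniversalString,
        utf8String      UTF8String,
        bmpString       BMPString
}

Attribute ::= SEQUENCE {
        type            AttributeType,
        value           SET OF -- AttributeValue -- heim_any
}

-- NOTE(review): RFC 3280 types value as ANY DEFINED BY type. Here it is
-- narrowed to DirectoryString, so a name attribute whose value is not
-- one of those string types will not decode. Confirm this is intended.
AttributeTypeAndValue ::= SEQUENCE {
        type            AttributeType,
        value           DirectoryString
}

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

Name ::= CHOICE {
        rdnSequence     RDNSequence
}

-- Unbounded INTEGER: no size or sign limit is expressed here.
CertificateSerialNumber ::= INTEGER

Time ::= CHOICE {
        utcTime         UTCTime,
        generalTime     GeneralizedTime
}

Validity ::= SEQUENCE {
        notBefore       Time,
        notAfter        Time
}

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm               AlgorithmIdentifier,
        subjectPublicKey        BIT STRING
}

-- critical is declared OPTIONAL where the RFC says DEFAULT FALSE (see
-- XXX below), so code reading a decoded Extension must treat an absent
-- critical as FALSE. extnValue is left as raw octets and is decoded
-- according to extnID by the caller.
Extension ::= SEQUENCE {
        extnID          OBJECT IDENTIFIER,
        critical        BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
        extnValue       OCTET STRING
}

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

-- The to-be-signed part of a certificate. The version/field consistency
-- rules in the comments below are not expressed in the types and have
-- to be checked by the code that consumes the decoded structure.
TBSCertificate ::= SEQUENCE {
        version                 [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
        serialNumber            CertificateSerialNumber,
        signature               AlgorithmIdentifier,
        issuer                  Name,
        validity                Validity,
        subject                 Name,
        subjectPublicKeyInfo    SubjectPublicKeyInfo,
        issuerUniqueID          [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                                -- If present, version shall be v2 or v3
        subjectUniqueID         [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                                -- If present, version shall be v2 or v3
        extensions              [3] EXPLICIT Extensions OPTIONAL
                                -- If present, version shall be v3
}

-- signatureAlgorithm here and tbsCertificate.signature are separate
-- fields; nothing in this schema forces them to be equal, so the
-- verifier has to compare them.
Certificate ::= SEQUENCE {
        tbsCertificate          TBSCertificate,
        signatureAlgorithm      AlgorithmIdentifier,
        signatureValue          BIT STRING
}

Certificates ::= SEQUENCE OF Certificate

ValidationParms ::= SEQUENCE {
        seed                    BIT STRING,
        pgenCounter             INTEGER
}

-- Diffie-Hellman domain parameters. Only the shape is described; the
-- relations noted in the field comments are not enforced by decoding.
DomainParameters ::= SEQUENCE {
        p                       INTEGER, -- odd prime, p=jq +1
        g                       INTEGER, -- generator, g
        q                       INTEGER, -- factor of p-1
        j                       INTEGER OPTIONAL, -- subgroup factor
        validationParms         ValidationParms OPTIONAL -- ValidationParms
}

-- As defined by PKCS3
DHParameter ::= SEQUENCE {
        prime                   INTEGER, -- odd prime, p=jq +1
        base                    INTEGER, -- generator, g
        privateValueLength      INTEGER OPTIONAL
}

DHPublicKey ::= INTEGER

OtherName ::= SEQUENCE {
        type-id                 OBJECT IDENTIFIER,
        value                   [0] EXPLICIT heim_any
}

-- x400Address [3] and ediPartyName [5] are commented out, so a name of
-- either kind is not one of the alternatives of this CHOICE.
-- rfc822Name, dNSName and uniformResourceIdentifier are IA5String,
-- which does not exclude control characters such as NUL; name matching
-- code should compare over the full decoded length.
GeneralName ::= CHOICE {
        otherName                       [0]     IMPLICIT -- OtherName -- SEQUENCE {
                type-id                 OBJECT IDENTIFIER,
                value                   [0] EXPLICIT heim_any
        },
        rfc822Name                      [1]     IMPLICIT IA5String,
        dNSName                         [2]     IMPLICIT IA5String,
--      x400Address                     [3]     IMPLICIT ORAddress,--
        directoryName                   [4]     IMPLICIT -- Name -- CHOICE {
                rdnSequence             RDNSequence
        },
--      ediPartyName                    [5]     IMPLICIT EDIPartyName, --
        uniformResourceIdentifier       [6]     IMPLICIT IA5String,
        iPAddress                       [7]     IMPLICIT OCTET STRING,
        registeredID                    [8]     IMPLICIT OBJECT IDENTIFIER
}

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }

KeyUsage ::= BIT STRING {
        digitalSignature        (0),
        nonRepudiation          (1),
        keyEncipherment         (2),
        dataEncipherment        (3),
        keyAgreement            (4),
        keyCertSign             (5),
        cRLSign                 (6),
        encipherOnly            (7),
        decipherOnly            (8)
}

id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }

KeyIdentifier ::= OCTET STRING

AuthorityKeyIdentifier ::= SEQUENCE {
        keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
        authorityCertIssuer       [1] IMPLICIT -- GeneralName --
                SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
        authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }

-- cA is OPTIONAL standing in for DEFAULT FALSE: path validation code
-- must treat an absent cA as FALSE, i.e. the certificate is not a CA.
-- pathLenConstraint is limited to the unsigned 32-bit range.
BasicConstraints ::= SEQUENCE {
        cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
        pathLenConstraint       INTEGER (0..4294967295) OPTIONAL
}

id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }

BaseDistance ::= INTEGER -- (0..MAX) --

-- minimum is OPTIONAL standing in for DEFAULT 0, and the (0..MAX)
-- bound on BaseDistance is commented out, so neither the default nor
-- the non-negative range is applied by decoding.
GeneralSubtree ::= SEQUENCE {
        base                    GeneralName,
        minimum         [0]     IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
        maximum         [1]     IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

NameConstraints ::= SEQUENCE {
        permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
        excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}

-- Extension OIDs below without a matching type in this module are
-- identifiers only; their values are not decoded by types defined here.
id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}

ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::=  { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::=  { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::=  { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::=  { id-x509-ce 24 }
id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::=  { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }

DistributionPointReasonFlags ::= BIT STRING {
        unused                  (0),
        keyCompromise           (1),
        cACompromise            (2),
        affiliationChanged      (3),
        superseded              (4),
        cessationOfOperation    (5),
        certificateHold         (6),
        privilegeWithdrawn      (7),
        aACompromise            (8)
}

-- NOTE(review): nameRelativeToCRLIssuer carries no IMPLICIT keyword, so
-- under this module's default its [1] tag is explicit. RFC 3280 defines
-- the field in an IMPLICIT TAGS module. Confirm the encoding matches.
DistributionPointName ::= CHOICE {
        fullName                [0]     IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
}

-- All three fields are kept as undecoded heim_any; the intended type is
-- named in the comment on each field and must be decoded by the caller.
DistributionPoint ::= SEQUENCE {
        distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
        reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
        cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint


-- rfc3279

-- r and s are unbounded INTEGERs; range checks against the group order
-- are left to the signature verification code.
DSASigValue ::= SEQUENCE {
        r       INTEGER,
        s       INTEGER
}

DSAPublicKey ::= INTEGER

DSAParams ::= SEQUENCE {
        p       INTEGER,
        q       INTEGER,
        g       INTEGER
}

-- Contains the private value priv_key alongside the public parameters.
DSAPrivateKey ::= SEQUENCE {
        version         INTEGER (0..4294967295),
        p               INTEGER,
        q               INTEGER,
        g               INTEGER,
        pub_key         INTEGER,
        priv_key        INTEGER
}

-- draft-ietf-pkix-ecc-subpubkeyinfo-11

ECPoint ::= OCTET STRING

-- Only namedCurve is an alternative; implicitCurve and specifiedCurve
-- are commented out, so keys carrying explicit curve parameters are not
-- covered by this CHOICE.
ECParameters ::= CHOICE {
        namedCurve      OBJECT IDENTIFIER
        -- implicitCurve        NULL
        -- specifiedCurve       SpecifiedECDomain
}

-- r and s are unbounded INTEGERs, as in DSASigValue.
ECDSA-Sig-Value ::= SEQUENCE {
        r       INTEGER,
        s       INTEGER
}

-- really pkcs1

RSAPublicKey ::= SEQUENCE {
        modulus                 INTEGER, -- n
        publicExponent          INTEGER  -- e
}

-- Contains the private exponent and both primes.
RSAPrivateKey ::= SEQUENCE {
        version                 INTEGER (0..4294967295),
        modulus                 INTEGER, -- n
        publicExponent          INTEGER, -- e
        privateExponent         INTEGER, -- d
        prime1                  INTEGER, -- p
        prime2                  INTEGER, -- q
        exponent1               INTEGER, -- d mod (p-1)
        exponent2               INTEGER, -- d mod (q-1)
        coefficient             INTEGER  -- (inverse of q) mod p
}

-- Digest algorithm and digest value as one structure.
DigestInfo ::= SEQUENCE {
        digestAlgorithm         AlgorithmIdentifier,
        digest                  OCTET STRING
}

-- some ms ext

-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a

-- UNICODESTRING (0x1E tag)

-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:

-- TemplateVersion ::= INTEGER (0..4294967295)

-- CertificateTemplate ::= SEQUENCE {
--      templateID OBJECT IDENTIFIER,
--      templateMajorVersion TemplateVersion,
--      templateMinorVersion TemplateVersion OPTIONAL
-- }


--
-- CRL
--

-- The to-be-signed part of a CRL. The "MUST be v2" rules in the
-- comments are not expressed in the types and have to be checked by
-- the consumer.
TBSCRLCertList ::=  SEQUENCE  {
        version                 Version OPTIONAL, -- if present, MUST be v2
        signature               AlgorithmIdentifier,
        issuer                  Name,
        thisUpdate              Time,
        nextUpdate              Time OPTIONAL,
        revokedCertificates     SEQUENCE OF SEQUENCE  {
                userCertificate         CertificateSerialNumber,
                revocationDate          Time,
                crlEntryExtensions      Extensions OPTIONAL
                                        -- if present, MUST be v2
        }  OPTIONAL,
        crlExtensions           [0] EXPLICIT Extensions OPTIONAL
                                        -- if present, MUST be v2
}


-- As with Certificate, signatureAlgorithm and tbsCertList.signature are
-- separate fields that the verifier has to compare.
CRLCertificateList ::=  SEQUENCE  {
        tbsCertList             TBSCRLCertList,
        signatureAlgorithm      AlgorithmIdentifier,
        signatureValue          BIT STRING
}

id-x509-ce-cRLNumber OBJECT IDENTIFIER ::=  { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::=  { id-x509-ce 21 }

-- Value 7 is not assigned. The numbering from 8 upward differs from the
-- bit positions in DistributionPointReasonFlags, so the two cannot be
-- converted by copying the number.
CRLReason ::= ENUMERATED {
        unspecified             (0),
        keyCompromise           (1),
        cACompromise            (2),
        affiliationChanged      (3),
        superseded              (4),
        cessationOfOperation    (5),
        certificateHold         (6),
        removeFromCRL           (8),
        privilegeWithdrawn      (9),
        aACompromise            (10)
}

PKIXXmppAddr ::= UTF8String

id-pkix OBJECT IDENTIFIER  ::=  { iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

id-pkix-on OBJECT IDENTIFIER ::=        { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::=       { id-pkix-on 5 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::=         { id-pkix-on 7 }

id-pkix-kp OBJECT IDENTIFIER ::=        { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::=     { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::=     { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::=        { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::=   { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::=    { id-pkix-kp 9 }

id-pkix-pe OBJECT IDENTIFIER ::=        { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::=    { id-pkix-pe 1 }

AccessDescription  ::=  SEQUENCE {
        accessMethod            OBJECT IDENTIFIER,
        accessLocation          GeneralName
}

AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription

-- RFC 3820 Proxy Certificate Profile

id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

id-pkix-ppl OBJECT IDENTIFIER ::=       { id-pkix 21 }

id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::=   { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::=    { id-pkix-ppl 1 }
id-pkix-ppl-independent OBJECT IDENTIFIER ::=   { id-pkix-ppl 2 }

-- policy is opaque octets whose interpretation depends on
-- policyLanguage.
ProxyPolicy ::= SEQUENCE {
        policyLanguage          OBJECT IDENTIFIER,
        policy                  OCTET STRING OPTIONAL
}

ProxyCertInfo ::= SEQUENCE {
        pCPathLenConstraint     INTEGER (0..4294967295) OPTIONAL, -- really MAX
        proxyPolicy             ProxyPolicy
}

--- U.S. Federal PKI Common Policy Framework
-- Card Authentication key
id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }

--- Netscape extensions

id-netscape OBJECT IDENTIFIER ::=
    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }

--- MS extensions

id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
    { 1 3 6 1 4 1 311 20 2 }

-- This is the same value as id-pkix-kp-clientAuth above
-- (1.3.6.1.5.5.7.3.2); it is not an arc under the 1.3.6.1.4.1.311 tree
-- used by the other MS identifier.
id-ms-client-authentication OBJECT IDENTIFIER ::=
    { 1 3 6 1 5 5 7 3 2 }

-- The bytes below are tag 0x1e, length 0x20, then the 16 characters
-- "DomainController" at two bytes each.
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72

END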