-- $Id$ --
-- Definitions from rfc2459/rfc3280
--
-- Module contents: the X.509 certificate and CRL structures, the payload
-- types of several certificate extensions, and the object identifiers for
-- algorithms, name attributes, extensions and key purposes.
-- The schema only fixes the encoding. It does not enforce the profile rules
-- quoted in the comments ("shall be v3", DEFAULT values and so on).
-- NOTE(review): those rules presumably live in the code that consumes the
-- decoded structures; confirm against the path validation code.

RFC2459 DEFINITIONS ::= BEGIN

IMPORTS heim_any FROM heim;

-- Wire values of the version field: v1 = 0, v2 = 1, v3 = 2.
Version ::= INTEGER {
    rfc3280_version_1(0),
    rfc3280_version_2(1),
    rfc3280_version_3(2)
}

-- PKCS #1 RSA key and signature algorithm identifiers.
-- NOTE(review): the md2, md5 and sha1 signature OIDs are needed to parse old
-- certificates; being listed here says nothing about whether a verifier
-- should accept them. Confirm the accept list in the verification code.
id-pkcs-1 OBJECT IDENTIFIER ::=         { iso(1) member-body(2) us(840)
                                          rsadsi(113549) pkcs(1) 1 }
id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=            { id-pkcs-1 1 }
id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=     { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=     { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=    { id-pkcs-1 5 }
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 13 }

-- Identifier given as bare arcs, outside the rsadsi tree.
-- NOTE(review): presumably a Heimdal-specific algorithm id; confirm its use.
id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::=            { 1 2 752 43 16 1 }

-- NOTE(review): the id-pkcs2-* and id-pkcs3-* values sit under pkcs(1),
-- while the id-rsa-digest-* and id-rsadsi-* values further down sit directly
-- under rsadsi(113549). The two families encode different OIDs for the same
-- algorithm names; confirm which family callers compare against.
id-pkcs-2 OBJECT IDENTIFIER ::=         { iso(1) member-body(2) us(840)
                                          rsadsi(113549) pkcs(1) 2 }
id-pkcs2-md2 OBJECT IDENTIFIER ::=      { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::=      { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::=      { id-pkcs-2 5 }

id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }

id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }

id-pkcs-3 OBJECT IDENTIFIER ::=         { iso(1) member-body(2) us(840)
                                          rsadsi(113549) pkcs(1) 3 }

id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=          { id-pkcs-3 2 }
id-pkcs3-rc4 OBJECT IDENTIFIER ::=              { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=     { id-pkcs-3 7 }

id-rsadsi-encalg OBJECT IDENTIFIER ::=  { iso(1) member-body(2) us(840)
                                          rsadsi(113549) 3 }

id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=         { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=    { id-rsadsi-encalg 7 }

-- OIW secsig algorithm arc: SHA-1 digest and the sha-1WithRSA signature id.
id-secsig-sha-1 OBJECT IDENTIFIER ::=   { iso(1) identified-organization(3)
                                          oiw(14) secsig(3) algorithm(2) 26 }

id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::=  { iso(1) identified-organization(3)
                                          oiw(14) secsig(3) algorithm(2) 29 }

-- NIST csor arc: AES-CBC ciphers and SHA-2 digests.
id-nistAlgorithm OBJECT IDENTIFIER ::= {
    joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }

id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }

id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }

id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }

-- Diffie-Hellman public key type under the ansi-x942 arc.
id-dhpublicnumber OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-x942(10046)
    number-type(2) 1 }

-- ECC

id-ecPublicKey OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }

id-ecDH OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1)
    ecdh(12) }

id-ecMQV OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1)
    ecmqv(13) }

id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 2 }

id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }

-- some EC group ids

id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
    prime(1) 7 }

id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 8 }

id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 30 }

-- DSA
-- NOTE(review): RFC 3279 places id-dsa and id-dsa-with-sha1 under
-- x9-57(10040) x9cm(4), i.e. 1.2.840.10040.4. The arc below uses
-- ansi-x942(10046), the same number as id-dhpublicnumber above, so the two
-- DSA identifiers would not equal the OIDs carried in DSA keys and
-- signatures. Confirm and correct the arc.

id-x9-57 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-x942(10046) 4 }

id-dsa OBJECT IDENTIFIER ::=  { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { id-x9-57 3 }

-- x.520 names types

id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

id-at-commonName OBJECT IDENTIFIER ::=          { id-x520-at 3 }
id-at-surname OBJECT IDENTIFIER ::=             { id-x520-at 4 }
id-at-serialNumber OBJECT IDENTIFIER ::=        { id-x520-at 5 }
id-at-countryName OBJECT IDENTIFIER ::=         { id-x520-at 6 }
id-at-localityName OBJECT IDENTIFIER ::=        { id-x520-at 7 }
id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-streetAddress OBJECT IDENTIFIER ::=       { id-x520-at 9 }
id-at-organizationName OBJECT IDENTIFIER ::=    { id-x520-at 10 }
id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
id-at-title OBJECT IDENTIFIER ::=               { id-x520-at 12 }
id-at-description OBJECT IDENTIFIER ::=         { id-x520-at 13 }
id-at-name OBJECT IDENTIFIER ::=                { id-x520-at 41 }
id-at-givenName OBJECT IDENTIFIER ::=           { id-x520-at 42 }
id-at-initials OBJECT IDENTIFIER ::=            { id-x520-at 43 }
id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym OBJECT IDENTIFIER ::=           { id-x520-at 65 }
-- RFC 2247
id-Userid OBJECT IDENTIFIER ::=
    { 0 9 2342 19200300 100 1 1 }
id-domainComponent OBJECT IDENTIFIER ::=
    { 0 9 2342 19200300 100 1 25 }


-- rfc3280

-- Parent arc of the certificate and CRL extension identifiers below.
id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}

-- parameters is typed heim_any (imported from heim), so this schema does not
-- constrain its content; what it must hold depends on algorithm and has to be
-- checked by the code that uses the identifier.
AlgorithmIdentifier ::= SEQUENCE {
    algorithm           OBJECT IDENTIFIER,
    parameters          heim_any OPTIONAL
}

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= heim_any

-- String alternatives accepted for a name attribute value.
-- NOTE(review): RFC 3280 DirectoryString has no IA5String alternative; it is
-- presumably included so that attributes such as domainComponent decode.
-- Confirm.
DirectoryString ::= CHOICE {
    ia5String           IA5String,
    teletexString       TeletexString,
    printableString     PrintableString,
    universalString     UniversalString,
    utf8String          UTF8String,
    bmpString           BMPString
}

Attribute ::= SEQUENCE {
    type                AttributeType,
    value               SET OF -- AttributeValue -- heim_any
}

-- value is narrowed to DirectoryString here, whereas AttributeValue above is
-- heim_any: an attribute whose value is not one of the DirectoryString
-- alternatives does not match this type.
AttributeTypeAndValue ::= SEQUENCE {
    type                AttributeType,
    value               DirectoryString
}

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

Name ::= CHOICE {
    rdnSequence         RDNSequence
}

-- Unbounded INTEGER; the schema sets no limit on the size or sign of a
-- serial number.
CertificateSerialNumber ::= INTEGER

Time ::= CHOICE {
    utcTime             UTCTime,
    generalTime         GeneralizedTime
}

Validity ::= SEQUENCE {
    notBefore           Time,
    notAfter            Time
}

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm           AlgorithmIdentifier,
    subjectPublicKey    BIT STRING
}

-- critical is declared OPTIONAL where the specification says DEFAULT FALSE
-- (see the XXX). An absent field therefore has to be read as "not critical"
-- by the consumer, and an explicitly encoded FALSE also matches this type.
-- extnValue is an opaque OCTET STRING; the type inside is selected by extnID.
Extension ::= SEQUENCE {
    extnID              OBJECT IDENTIFIER,
    critical            BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
    extnValue           OCTET STRING
}

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

-- The to-be-signed part of a certificate.
-- version is OPTIONAL rather than DEFAULT, so the default for an absent
-- version has to be applied by the consumer. The "If present, version shall
-- be ..." rules on the three trailing members are comments only; nothing in
-- this type ties them to the version value.
-- NOTE(review): confirm the consumer rejects v1 or v2 certificates that carry
-- extensions.
TBSCertificate ::= SEQUENCE {
    version              [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID       [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                              -- If present, version shall be v2 or v3
    subjectUniqueID      [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                              -- If present, version shall be v2 or v3
    extensions           [3]  EXPLICIT Extensions OPTIONAL
                              -- If present, version shall be v3
}

-- Signed certificate. signatureAlgorithm here and tbsCertificate.signature
-- are separate members; the schema does not require them to be equal.
-- NOTE(review): confirm the verifier compares the two before trusting either.
Certificate ::= SEQUENCE {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING
}

Certificates ::= SEQUENCE OF Certificate

ValidationParms ::= SEQUENCE {
    seed                 BIT STRING,
    pgenCounter          INTEGER
}

-- Diffie-Hellman domain parameters. All members are unbounded INTEGERs; the
-- relations given in the comments (p = jq + 1, q divides p-1) are not
-- expressed in the type.
-- NOTE(review): confirm the consumer validates received parameters.
DomainParameters ::= SEQUENCE {
    p                    INTEGER, -- odd prime, p=jq +1
    g                    INTEGER, -- generator, g
    q                    INTEGER, -- factor of p-1
    j                    INTEGER OPTIONAL, -- subgroup factor
    validationParms      ValidationParms OPTIONAL -- ValidationParms
}

-- As defined by PKCS3
DHParameter ::= SEQUENCE {
    prime                INTEGER, -- odd prime, p=jq +1
    base                 INTEGER, -- generator, g
    privateValueLength   INTEGER OPTIONAL
}

DHPublicKey ::= INTEGER

OtherName ::= SEQUENCE {
    type-id              OBJECT IDENTIFIER,
    value                [0] EXPLICIT heim_any
}

-- otherName and directoryName repeat the OtherName and Name definitions
-- inline, as their comments indicate.
-- x400Address [3] and ediPartyName [5] are commented out, so a name of either
-- kind does not match this CHOICE.
-- NOTE(review): rfc822Name, dNSName and uniformResourceIdentifier are plain
-- IA5String with no character constraint in the schema; name matching code
-- should reject values with embedded NUL bytes. Confirm it does.
GeneralName ::= CHOICE {
    otherName                   [0] IMPLICIT -- OtherName -- SEQUENCE {
        type-id                     OBJECT IDENTIFIER,
        value                       [0] EXPLICIT heim_any
    },
    rfc822Name                  [1] IMPLICIT IA5String,
    dNSName                     [2] IMPLICIT IA5String,
--  x400Address                 [3] IMPLICIT ORAddress,--
    directoryName               [4] IMPLICIT -- Name -- CHOICE {
        rdnSequence                 RDNSequence
    },
--  ediPartyName                [5] IMPLICIT EDIPartyName, --
    uniformResourceIdentifier   [6] IMPLICIT IA5String,
    iPAddress                   [7] IMPLICIT OCTET STRING,
    registeredID                [8] IMPLICIT OBJECT IDENTIFIER
}

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }

-- Named bit positions of the keyUsage extension value.
KeyUsage ::= BIT STRING {
    digitalSignature    (0),
    nonRepudiation      (1),
    keyEncipherment     (2),
    dataEncipherment    (3),
    keyAgreement        (4),
    keyCertSign         (5),
    cRLSign             (6),
    encipherOnly        (7),
    decipherOnly        (8)
}

id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }

KeyIdentifier ::= OCTET STRING

-- The SIZE (1..MAX) bound on authorityCertIssuer is commented out, so an
-- empty sequence matches this type.
AuthorityKeyIdentifier ::= SEQUENCE {
    keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
    authorityCertIssuer       [1] IMPLICIT -- GeneralName --
        SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
    authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }

-- cA is OPTIONAL standing in for DEFAULT FALSE: an absent cA has to be read
-- by the consumer as "not a CA". pathLenConstraint is limited to 32 bits.
-- NOTE(review): confirm the chain building code treats a missing cA, and a
-- missing basicConstraints extension, as a non-CA certificate.
BasicConstraints ::= SEQUENCE {
    cA                  BOOLEAN OPTIONAL -- DEFAULT FALSE --,
    pathLenConstraint   INTEGER (0..4294967295) OPTIONAL
}

id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }

-- The (0..MAX) bound is commented out, so negative values match this type.
BaseDistance ::= INTEGER -- (0..MAX) --

-- minimum is OPTIONAL standing in for DEFAULT 0.
GeneralSubtree ::= SEQUENCE {
    base                GeneralName,
    minimum             [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
    maximum             [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

NameConstraints ::= SEQUENCE {
    permittedSubtrees   [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
    excludedSubtrees    [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}

-- Extension identifiers for which this module defines no payload type.
id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 37}

ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::=  { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::=  { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::=  { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::=  { id-x509-ce 24 }
id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::=  { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }

DistributionPointReasonFlags ::= BIT STRING {
    unused                  (0),
    keyCompromise           (1),
    cACompromise            (2),
    affiliationChanged      (3),
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6),
    privilegeWithdrawn      (7),
    aACompromise            (8)
}

DistributionPointName ::= CHOICE {
    fullName                [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
    nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}

-- All three members are typed heim_any; the inline comment names the type
-- each one is expected to hold. The schema does not check that, so code that
-- reads a distribution point has to decode and validate the inner value
-- itself.
DistributionPoint ::= SEQUENCE {
    distributionPoint       [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
    reasons                 [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
    cRLIssuer               [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint


-- rfc3279

-- r and s are unbounded INTEGERs; range checks against the group order are
-- left to the signature verification code.
DSASigValue ::= SEQUENCE {
    r           INTEGER,
    s           INTEGER
}

DSAPublicKey ::= INTEGER

DSAParams ::= SEQUENCE {
    p           INTEGER,
    q           INTEGER,
    g           INTEGER
}

-- draft-ietf-pkix-ecc-subpubkeyinfo-11

ECPoint ::= OCTET STRING

-- Only namedCurve is enabled. implicitCurve and specifiedCurve are commented
-- out, so keys that carry explicitly specified curve parameters do not match
-- this type.
ECParameters ::= CHOICE {
    namedCurve          OBJECT IDENTIFIER
    -- implicitCurve    NULL
    -- specifiedCurve   SpecifiedECDomain
}

-- Same shape as DSASigValue: r and s are unbounded INTEGERs.
ECDSA-Sig-Value ::= SEQUENCE {
    r           INTEGER,
    s           INTEGER
}

-- really pkcs1

RSAPublicKey ::= SEQUENCE {
    modulus             INTEGER, -- n
    publicExponent      INTEGER  -- e
}

-- Private key material: every member after publicExponent is secret.
RSAPrivateKey ::= SEQUENCE {
    version             INTEGER (0..4294967295),
    modulus             INTEGER, -- n
    publicExponent      INTEGER, -- e
    privateExponent     INTEGER, -- d
    prime1              INTEGER, -- p
    prime2              INTEGER, -- q
    exponent1           INTEGER, -- d mod (p-1)
    exponent2           INTEGER, -- d mod (q-1)
    coefficient         INTEGER  -- (inverse of q) mod p
}

-- Digest algorithm plus digest value. digestAlgorithm.parameters is OPTIONAL
-- heim_any, so both an absent and a present parameters member match.
-- NOTE(review): confirm the signature check compares the whole encoding
-- rather than parsing leniently.
DigestInfo ::= SEQUENCE {
    digestAlgorithm     AlgorithmIdentifier,
    digest              OCTET STRING
}

-- some ms ext

-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a

-- UNICODESTRING (0x1E tag)

-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:

-- TemplateVersion ::= INTEGER (0..4294967295)

-- CertificateTemplate ::= SEQUENCE {
--   templateID OBJECT IDENTIFIER,
--   templateMajorVersion TemplateVersion,
--   templateMinorVersion TemplateVersion OPTIONAL
-- }


--
-- CRL
--

-- The to-be-signed part of a CRL. The "if present, MUST be v2" rules are
-- comments only and are not enforced by the type.
TBSCRLCertList ::= SEQUENCE {
    version              Version OPTIONAL, -- if present, MUST be v2
    signature            AlgorithmIdentifier,
    issuer               Name,
    thisUpdate           Time,
    nextUpdate           Time OPTIONAL,
    revokedCertificates  SEQUENCE OF SEQUENCE {
        userCertificate      CertificateSerialNumber,
        revocationDate       Time,
        crlEntryExtensions   Extensions OPTIONAL
                             -- if present, MUST be v2
    } OPTIONAL,
    crlExtensions        [0] EXPLICIT Extensions OPTIONAL
                             -- if present, MUST be v2
}


CRLCertificateList ::= SEQUENCE {
    tbsCertList          TBSCRLCertList,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING
}

id-x509-ce-cRLNumber OBJECT IDENTIFIER ::=  { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::=  { id-x509-ce 21 }

-- Revocation reason codes. Value 7 is not assigned in this list.
CRLReason ::= ENUMERATED {
    unspecified             (0),
    keyCompromise           (1),
    cACompromise            (2),
    affiliationChanged      (3),
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6),
    removeFromCRL           (8),
    privilegeWithdrawn      (9),
    aACompromise            (10)
}

PKIXXmppAddr ::= UTF8String

id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

-- otherName type identifiers.
id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }

-- Extended key usage purposes, the values carried in ExtKeyUsage.
id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }

id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }

-- accessLocation comes from the certificate, that is from whoever issued it.
-- NOTE(review): code that fetches from this location should treat it as
-- untrusted input; confirm how the consumer restricts schemes and hosts.
AccessDescription  ::=  SEQUENCE {
    accessMethod          OBJECT IDENTIFIER,
    accessLocation        GeneralName
}

AuthorityInfoAccessSyntax  ::= SEQUENCE SIZE (1..MAX) OF AccessDescription

-- RFC 3820 Proxy Certificate Profile

id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll  OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }

-- policy is an opaque OCTET STRING whose interpretation is selected by
-- policyLanguage.
ProxyPolicy ::= SEQUENCE {
    policyLanguage      OBJECT IDENTIFIER,
    policy              OCTET STRING OPTIONAL
}

-- pCPathLenConstraint is limited to 32 bits here; the inline comment records
-- that the specification allows MAX.
ProxyCertInfo ::= SEQUENCE {
    pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
    proxyPolicy         ProxyPolicy
}

--- U.S. Federal PKI Common Policy Framework
-- Card Authentication key
id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }

--- Netscape extensions

id-netscape OBJECT IDENTIFIER ::=
    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }

--- MS extensions

id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
    { 1 3 6 1 4 1 311 20 2 }

-- Same arcs as id-pkix-kp-clientAuth above (1.3.6.1.5.5.7.3.2), so the two
-- names denote one OID.
id-ms-client-authentication OBJECT IDENTIFIER ::=
    { 1 3 6 1 5 5 7 3 2 }

-- The bytes below are tag 0x1e (BMPString), length 0x20, followed by the
-- 16-bit big-endian characters of "DomainController".
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72

END