| blob | 9794ca1514f5d7ee2be313cea25e52a962acb79a |
1 -- $Id$ --
2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
8 Version ::= INTEGER {
9 rfc3280_version_1(0),
10 rfc3280_version_2(1),
11 rfc3280_version_3(2)
12 }
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47 rsadsi(113549) 3 }
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
55 id-nistAlgorithm OBJECT IDENTIFIER ::= {
56 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
58 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
60 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
61 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
62 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
64 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
66 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
67 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
68 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
69 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
71 id-dhpublicnumber OBJECT IDENTIFIER ::= {
72 iso(1) member-body(2) us(840) ansi-x942(10046)
73 number-type(2) 1 }
75 -- ECC
77 id-ecPublicKey OBJECT IDENTIFIER ::= {
78 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
80 id-ecDH OBJECT IDENTIFIER ::= {
81 iso(1) identified-organization(3) certicom(132) schemes(1)
82 ecdh(12) }
84 id-ecMQV OBJECT IDENTIFIER ::= {
85 iso(1) identified-organization(3) certicom(132) schemes(1)
86 ecmqv(13) }
88 id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
89 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
90 ecdsa-with-SHA2(3) 2 }
92 id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
93 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
95 -- some EC group ids
97 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
98 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
99 prime(1) 7 }
101 id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
102 iso(1) identified-organization(3) certicom(132) 0 8 }
104 id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
105 iso(1) identified-organization(3) certicom(132) 0 30 }
107 -- DSA
109 id-x9-57 OBJECT IDENTIFIER ::= {
110 iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
112 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
113 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
115 -- x.520 names types
117 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
119 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
120 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
121 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
122 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
123 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
124 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
125 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
126 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
127 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
128 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
129 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
130 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
131 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
132 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
133 -- RFC 2247
134 id-Userid OBJECT IDENTIFIER ::=
135 { 0 9 2342 19200300 100 1 1 }
136 id-domainComponent OBJECT IDENTIFIER ::=
137 { 0 9 2342 19200300 100 1 25 }
140 -- rfc3280
142 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
144 AlgorithmIdentifier ::= SEQUENCE {
145 algorithm OBJECT IDENTIFIER,
146 parameters heim_any OPTIONAL
147 }
149 AttributeType ::= OBJECT IDENTIFIER
151 AttributeValue ::= heim_any
153 DirectoryString ::= CHOICE {
154 ia5String IA5String,
155 teletexString TeletexString,
156 printableString PrintableString,
157 universalString UniversalString,
158 utf8String UTF8String,
159 bmpString BMPString
160 }
162 Attribute ::= SEQUENCE {
163 type AttributeType,
164 value SET OF -- AttributeValue -- heim_any
165 }
167 AttributeTypeAndValue ::= SEQUENCE {
168 type AttributeType,
169 value DirectoryString
170 }
172 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
174 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
176 Name ::= CHOICE {
177 rdnSequence RDNSequence
178 }
180 CertificateSerialNumber ::= INTEGER
182 Time ::= CHOICE {
183 utcTime UTCTime,
184 generalTime GeneralizedTime
185 }
187 Validity ::= SEQUENCE {
188 notBefore Time,
189 notAfter Time
190 }
192 UniqueIdentifier ::= BIT STRING
194 SubjectPublicKeyInfo ::= SEQUENCE {
195 algorithm AlgorithmIdentifier,
196 subjectPublicKey BIT STRING
197 }
199 Extension ::= SEQUENCE {
200 extnID OBJECT IDENTIFIER,
201 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
202 extnValue OCTET STRING
203 }
205 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
207 TBSCertificate ::= SEQUENCE {
208 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
209 serialNumber CertificateSerialNumber,
210 signature AlgorithmIdentifier,
211 issuer Name,
212 validity Validity,
213 subject Name,
214 subjectPublicKeyInfo SubjectPublicKeyInfo,
215 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
216 -- If present, version shall be v2 or v3
217 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
218 -- If present, version shall be v2 or v3
219 extensions [3] EXPLICIT Extensions OPTIONAL
220 -- If present, version shall be v3
221 }
223 Certificate ::= SEQUENCE {
224 tbsCertificate TBSCertificate,
225 signatureAlgorithm AlgorithmIdentifier,
226 signatureValue BIT STRING
227 }
229 Certificates ::= SEQUENCE OF Certificate
231 ValidationParms ::= SEQUENCE {
232 seed BIT STRING,
233 pgenCounter INTEGER
234 }
236 DomainParameters ::= SEQUENCE {
237 p INTEGER, -- odd prime, p=jq +1
238 g INTEGER, -- generator, g
239 q INTEGER, -- factor of p-1
240 j INTEGER OPTIONAL, -- subgroup factor
241 validationParms ValidationParms OPTIONAL -- ValidationParms
242 }
244 DHPublicKey ::= INTEGER
246 OtherName ::= SEQUENCE {
247 type-id OBJECT IDENTIFIER,
248 value [0] EXPLICIT heim_any
249 }
251 GeneralName ::= CHOICE {
252 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
253 type-id OBJECT IDENTIFIER,
254 value [0] EXPLICIT heim_any
255 },
256 rfc822Name [1] IMPLICIT IA5String,
257 dNSName [2] IMPLICIT IA5String,
258 -- x400Address [3] IMPLICIT ORAddress,--
259 directoryName [4] IMPLICIT -- Name -- CHOICE {
260 rdnSequence RDNSequence
261 },
262 -- ediPartyName [5] IMPLICIT EDIPartyName, --
263 uniformResourceIdentifier [6] IMPLICIT IA5String,
264 iPAddress [7] IMPLICIT OCTET STRING,
265 registeredID [8] IMPLICIT OBJECT IDENTIFIER
266 }
268 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
270 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
272 KeyUsage ::= BIT STRING {
273 digitalSignature (0),
274 nonRepudiation (1),
275 keyEncipherment (2),
276 dataEncipherment (3),
277 keyAgreement (4),
278 keyCertSign (5),
279 cRLSign (6),
280 encipherOnly (7),
281 decipherOnly (8)
282 }
284 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
286 KeyIdentifier ::= OCTET STRING
288 AuthorityKeyIdentifier ::= SEQUENCE {
289 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
290 authorityCertIssuer [1] IMPLICIT -- GeneralName --
291 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
292 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
293 }
295 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
297 SubjectKeyIdentifier ::= KeyIdentifier
299 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
301 BasicConstraints ::= SEQUENCE {
302 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
303 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
304 }
306 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
308 BaseDistance ::= INTEGER -- (0..MAX) --
310 GeneralSubtree ::= SEQUENCE {
311 base GeneralName,
312 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
313 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
314 }
316 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
318 NameConstraints ::= SEQUENCE {
319 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
320 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
321 }
323 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
324 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
325 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
326 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
327 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
328 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
329 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
331 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
333 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
335 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
336 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
337 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
338 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
339 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
340 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
341 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
343 DistributionPointReasonFlags ::= BIT STRING {
344 unused (0),
345 keyCompromise (1),
346 cACompromise (2),
347 affiliationChanged (3),
348 superseded (4),
349 cessationOfOperation (5),
350 certificateHold (6),
351 privilegeWithdrawn (7),
352 aACompromise (8)
353 }
355 DistributionPointName ::= CHOICE {
356 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
357 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
358 }
360 DistributionPoint ::= SEQUENCE {
361 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
362 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
363 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
364 }
366 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
369 -- rfc3279
371 DSASigValue ::= SEQUENCE {
372 r INTEGER,
373 s INTEGER
374 }
376 DSAPublicKey ::= INTEGER
378 DSAParams ::= SEQUENCE {
379 p INTEGER,
380 q INTEGER,
381 g INTEGER
382 }
384 -- draft-ietf-pkix-ecc-subpubkeyinfo-11
386 ECPoint ::= OCTET STRING
388 ECParameters ::= CHOICE {
389 namedCurve OBJECT IDENTIFIER
390 -- implicitCurve NULL
391 -- specifiedCurve SpecifiedECDomain
392 }
394 ECDSA-Sig-Value ::= SEQUENCE {
395 r INTEGER,
396 s INTEGER
397 }
399 -- really pkcs1
401 RSAPublicKey ::= SEQUENCE {
402 modulus INTEGER, -- n
403 publicExponent INTEGER -- e
404 }
406 RSAPrivateKey ::= SEQUENCE {
407 version INTEGER (0..4294967295),
408 modulus INTEGER, -- n
409 publicExponent INTEGER, -- e
410 privateExponent INTEGER, -- d
411 prime1 INTEGER, -- p
412 prime2 INTEGER, -- q
413 exponent1 INTEGER, -- d mod (p-1)
414 exponent2 INTEGER, -- d mod (q-1)
415 coefficient INTEGER -- (inverse of q) mod p
416 }
418 DigestInfo ::= SEQUENCE {
419 digestAlgorithm AlgorithmIdentifier,
420 digest OCTET STRING
421 }
423 -- some ms ext
425 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
427 -- UNICODESTRING (0x1E tag)
429 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
431 -- TemplateVersion ::= INTEGER (0..4294967295)
433 -- CertificateTemplate ::= SEQUENCE {
434 -- templateID OBJECT IDENTIFIER,
435 -- templateMajorVersion TemplateVersion,
436 -- templateMinorVersion TemplateVersion OPTIONAL
437 -- }
440 --
441 -- CRL
442 --
444 TBSCRLCertList ::= SEQUENCE {
445 version Version OPTIONAL, -- if present, MUST be v2
446 signature AlgorithmIdentifier,
447 issuer Name,
448 thisUpdate Time,
449 nextUpdate Time OPTIONAL,
450 revokedCertificates SEQUENCE OF SEQUENCE {
451 userCertificate CertificateSerialNumber,
452 revocationDate Time,
453 crlEntryExtensions Extensions OPTIONAL
454 -- if present, MUST be v2
455 } OPTIONAL,
456 crlExtensions [0] EXPLICIT Extensions OPTIONAL
457 -- if present, MUST be v2
458 }
461 CRLCertificateList ::= SEQUENCE {
462 tbsCertList TBSCRLCertList,
463 signatureAlgorithm AlgorithmIdentifier,
464 signatureValue BIT STRING
465 }
467 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
468 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
469 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
471 CRLReason ::= ENUMERATED {
472 unspecified (0),
473 keyCompromise (1),
474 cACompromise (2),
475 affiliationChanged (3),
476 superseded (4),
477 cessationOfOperation (5),
478 certificateHold (6),
479 removeFromCRL (8),
480 privilegeWithdrawn (9),
481 aACompromise (10)
482 }
484 PKIXXmppAddr ::= UTF8String
486 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
487 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
489 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
490 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
491 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
493 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
494 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
495 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
496 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
497 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
498 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
500 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
502 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
504 AccessDescription ::= SEQUENCE {
505 accessMethod OBJECT IDENTIFIER,
506 accessLocation GeneralName
507 }
509 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
511 -- RFC 3820 Proxy Certificate Profile
513 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
515 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
517 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
518 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
519 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
521 ProxyPolicy ::= SEQUENCE {
522 policyLanguage OBJECT IDENTIFIER,
523 policy OCTET STRING OPTIONAL
524 }
526 ProxyCertInfo ::= SEQUENCE {
527 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
528 proxyPolicy ProxyPolicy
529 }
531 --- U.S. Federal PKI Common Policy Framework
532 -- Card Authentication key
533 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
534 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
536 --- Netscape extentions
538 id-netscape OBJECT IDENTIFIER ::=
539 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
540 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
542 --- MS extentions
544 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
545 { 1 3 6 1 4 1 311 20 2 }
547 id-ms-client-authentication OBJECT IDENTIFIER ::=
548 { 1 3 6 1 5 5 7 3 2 }
550 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
552 END