| blob | 51cac55cc032906ac76c7472420b77daa8aec9e1 |
1 -- $Id$ --
2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
8 Version ::= INTEGER {
9 rfc3280_version_1(0),
10 rfc3280_version_2(1),
11 rfc3280_version_3(2)
12 }
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47 rsadsi(113549) 3 }
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
55 id-nistAlgorithm OBJECT IDENTIFIER ::= {
56 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
58 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
60 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
61 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
62 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
64 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
66 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
67 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
68 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
69 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
71 id-dhpublicnumber OBJECT IDENTIFIER ::= {
72 iso(1) member-body(2) us(840) ansi-x942(10046)
73 number-type(2) 1 }
75 -- ECC
77 id-ecPublicKey OBJECT IDENTIFIER ::= {
78 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
80 id-ecDH OBJECT IDENTIFIER ::= {
81 iso(1) identified-organization(3) certicom(132) schemes(1)
82 ecdh(12) }
84 id-ecMQV OBJECT IDENTIFIER ::= {
85 iso(1) identified-organization(3) certicom(132) schemes(1)
86 ecmqv(13) }
88 id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
89 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
90 ecdsa-with-SHA2(3) 2 }
92 id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
93 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
95 -- some EC group ids
97 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
98 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
99 prime(1) 7 }
101 id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
102 iso(1) identified-organization(3) certicom(132) 0 8 }
104 id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
105 iso(1) identified-organization(3) certicom(132) 0 30 }
107 -- DSA
109 id-x9-57 OBJECT IDENTIFIER ::= {
110 iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
112 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
113 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
115 -- x.520 names types
117 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
119 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
120 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
121 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
122 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
123 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
124 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
125 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
126 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
127 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
128 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
129 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
130 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
131 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
132 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
133 -- RFC 2247
134 id-Userid OBJECT IDENTIFIER ::=
135 { 0 9 2342 19200300 100 1 1 }
136 id-domainComponent OBJECT IDENTIFIER ::=
137 { 0 9 2342 19200300 100 1 25 }
140 -- rfc3280
142 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
144 AlgorithmIdentifier ::= SEQUENCE {
145 algorithm OBJECT IDENTIFIER,
146 parameters heim_any OPTIONAL
147 }
149 AttributeType ::= OBJECT IDENTIFIER
151 AttributeValue ::= heim_any
153 TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
155 DirectoryString ::= CHOICE {
156 ia5String IA5String,
157 teletexString TeletexStringx,
158 printableString PrintableString,
159 universalString UniversalString,
160 utf8String UTF8String,
161 bmpString BMPString
162 }
164 Attribute ::= SEQUENCE {
165 type AttributeType,
166 value SET OF -- AttributeValue -- heim_any
167 }
169 AttributeTypeAndValue ::= SEQUENCE {
170 type AttributeType,
171 value DirectoryString
172 }
174 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
176 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
178 Name ::= CHOICE {
179 rdnSequence RDNSequence
180 }
182 CertificateSerialNumber ::= INTEGER
184 Time ::= CHOICE {
185 utcTime UTCTime,
186 generalTime GeneralizedTime
187 }
189 Validity ::= SEQUENCE {
190 notBefore Time,
191 notAfter Time
192 }
194 UniqueIdentifier ::= BIT STRING
196 SubjectPublicKeyInfo ::= SEQUENCE {
197 algorithm AlgorithmIdentifier,
198 subjectPublicKey BIT STRING
199 }
201 Extension ::= SEQUENCE {
202 extnID OBJECT IDENTIFIER,
203 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
204 extnValue OCTET STRING
205 }
207 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
209 TBSCertificate ::= SEQUENCE {
210 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
211 serialNumber CertificateSerialNumber,
212 signature AlgorithmIdentifier,
213 issuer Name,
214 validity Validity,
215 subject Name,
216 subjectPublicKeyInfo SubjectPublicKeyInfo,
217 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
218 -- If present, version shall be v2 or v3
219 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
220 -- If present, version shall be v2 or v3
221 extensions [3] EXPLICIT Extensions OPTIONAL
222 -- If present, version shall be v3
223 }
225 Certificate ::= SEQUENCE {
226 tbsCertificate TBSCertificate,
227 signatureAlgorithm AlgorithmIdentifier,
228 signatureValue BIT STRING
229 }
231 Certificates ::= SEQUENCE OF Certificate
233 ValidationParms ::= SEQUENCE {
234 seed BIT STRING,
235 pgenCounter INTEGER
236 }
238 DomainParameters ::= SEQUENCE {
239 p INTEGER, -- odd prime, p=jq +1
240 g INTEGER, -- generator, g
241 q INTEGER, -- factor of p-1
242 j INTEGER OPTIONAL, -- subgroup factor
243 validationParms ValidationParms OPTIONAL -- ValidationParms
244 }
246 DHPublicKey ::= INTEGER
248 OtherName ::= SEQUENCE {
249 type-id OBJECT IDENTIFIER,
250 value [0] EXPLICIT heim_any
251 }
253 GeneralName ::= CHOICE {
254 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
255 type-id OBJECT IDENTIFIER,
256 value [0] EXPLICIT heim_any
257 },
258 rfc822Name [1] IMPLICIT IA5String,
259 dNSName [2] IMPLICIT IA5String,
260 -- x400Address [3] IMPLICIT ORAddress,--
261 directoryName [4] IMPLICIT -- Name -- CHOICE {
262 rdnSequence RDNSequence
263 },
264 -- ediPartyName [5] IMPLICIT EDIPartyName, --
265 uniformResourceIdentifier [6] IMPLICIT IA5String,
266 iPAddress [7] IMPLICIT OCTET STRING,
267 registeredID [8] IMPLICIT OBJECT IDENTIFIER
268 }
270 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
272 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
274 KeyUsage ::= BIT STRING {
275 digitalSignature (0),
276 nonRepudiation (1),
277 keyEncipherment (2),
278 dataEncipherment (3),
279 keyAgreement (4),
280 keyCertSign (5),
281 cRLSign (6),
282 encipherOnly (7),
283 decipherOnly (8)
284 }
286 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
288 KeyIdentifier ::= OCTET STRING
290 AuthorityKeyIdentifier ::= SEQUENCE {
291 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
292 authorityCertIssuer [1] IMPLICIT -- GeneralName --
293 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
294 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
295 }
297 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
299 SubjectKeyIdentifier ::= KeyIdentifier
301 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
303 BasicConstraints ::= SEQUENCE {
304 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
305 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
306 }
308 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
310 BaseDistance ::= INTEGER -- (0..MAX) --
312 GeneralSubtree ::= SEQUENCE {
313 base GeneralName,
314 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
315 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
316 }
318 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
320 NameConstraints ::= SEQUENCE {
321 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
322 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
323 }
325 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
326 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
327 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
328 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
329 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
330 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
331 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
333 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
335 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
337 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
338 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
339 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
340 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
341 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
342 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
343 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
345 DistributionPointReasonFlags ::= BIT STRING {
346 unused (0),
347 keyCompromise (1),
348 cACompromise (2),
349 affiliationChanged (3),
350 superseded (4),
351 cessationOfOperation (5),
352 certificateHold (6),
353 privilegeWithdrawn (7),
354 aACompromise (8)
355 }
357 DistributionPointName ::= CHOICE {
358 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
359 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
360 }
362 DistributionPoint ::= SEQUENCE {
363 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
364 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
365 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
366 }
368 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
371 -- rfc3279
373 DSASigValue ::= SEQUENCE {
374 r INTEGER,
375 s INTEGER
376 }
378 DSAPublicKey ::= INTEGER
380 DSAParams ::= SEQUENCE {
381 p INTEGER,
382 q INTEGER,
383 g INTEGER
384 }
386 -- draft-ietf-pkix-ecc-subpubkeyinfo-11
388 ECPoint ::= OCTET STRING
390 ECParameters ::= CHOICE {
391 namedCurve OBJECT IDENTIFIER
392 -- implicitCurve NULL
393 -- specifiedCurve SpecifiedECDomain
394 }
396 ECDSA-Sig-Value ::= SEQUENCE {
397 r INTEGER,
398 s INTEGER
399 }
401 -- really pkcs1
403 RSAPublicKey ::= SEQUENCE {
404 modulus INTEGER, -- n
405 publicExponent INTEGER -- e
406 }
408 RSAPrivateKey ::= SEQUENCE {
409 version INTEGER (0..4294967295),
410 modulus INTEGER, -- n
411 publicExponent INTEGER, -- e
412 privateExponent INTEGER, -- d
413 prime1 INTEGER, -- p
414 prime2 INTEGER, -- q
415 exponent1 INTEGER, -- d mod (p-1)
416 exponent2 INTEGER, -- d mod (q-1)
417 coefficient INTEGER -- (inverse of q) mod p
418 }
420 DigestInfo ::= SEQUENCE {
421 digestAlgorithm AlgorithmIdentifier,
422 digest OCTET STRING
423 }
425 -- some ms ext
427 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
429 -- UNICODESTRING (0x1E tag)
431 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
433 -- TemplateVersion ::= INTEGER (0..4294967295)
435 -- CertificateTemplate ::= SEQUENCE {
436 -- templateID OBJECT IDENTIFIER,
437 -- templateMajorVersion TemplateVersion,
438 -- templateMinorVersion TemplateVersion OPTIONAL
439 -- }
442 --
443 -- CRL
444 --
446 TBSCRLCertList ::= SEQUENCE {
447 version Version OPTIONAL, -- if present, MUST be v2
448 signature AlgorithmIdentifier,
449 issuer Name,
450 thisUpdate Time,
451 nextUpdate Time OPTIONAL,
452 revokedCertificates SEQUENCE OF SEQUENCE {
453 userCertificate CertificateSerialNumber,
454 revocationDate Time,
455 crlEntryExtensions Extensions OPTIONAL
456 -- if present, MUST be v2
457 } OPTIONAL,
458 crlExtensions [0] EXPLICIT Extensions OPTIONAL
459 -- if present, MUST be v2
460 }
463 CRLCertificateList ::= SEQUENCE {
464 tbsCertList TBSCRLCertList,
465 signatureAlgorithm AlgorithmIdentifier,
466 signatureValue BIT STRING
467 }
469 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
470 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
471 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
473 CRLReason ::= ENUMERATED {
474 unspecified (0),
475 keyCompromise (1),
476 cACompromise (2),
477 affiliationChanged (3),
478 superseded (4),
479 cessationOfOperation (5),
480 certificateHold (6),
481 removeFromCRL (8),
482 privilegeWithdrawn (9),
483 aACompromise (10)
484 }
486 PKIXXmppAddr ::= UTF8String
488 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
489 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
491 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
492 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
493 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
495 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
496 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
497 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
498 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
499 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
500 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
502 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
504 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
506 AccessDescription ::= SEQUENCE {
507 accessMethod OBJECT IDENTIFIER,
508 accessLocation GeneralName
509 }
511 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
513 -- RFC 3820 Proxy Certificate Profile
515 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
517 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
519 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
520 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
521 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
523 ProxyPolicy ::= SEQUENCE {
524 policyLanguage OBJECT IDENTIFIER,
525 policy OCTET STRING OPTIONAL
526 }
528 ProxyCertInfo ::= SEQUENCE {
529 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
530 proxyPolicy ProxyPolicy
531 }
533 --- U.S. Federal PKI Common Policy Framework
534 -- Card Authentication key
535 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
536 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
538 --- Netscape extentions
540 id-netscape OBJECT IDENTIFIER ::=
541 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
542 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
544 --- MS extentions
546 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
547 { 1 3 6 1 4 1 311 20 2 }
549 id-ms-client-authentication OBJECT IDENTIFIER ::=
550 { 1 3 6 1 5 5 7 3 2 }
552 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
554 END