| blob | 5df9e41fffd2f92362e520d598193a4c5f21aa09 |
1 -- $Id$ --
2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
8 Version ::= INTEGER {
9 rfc3280_version_1(0),
10 rfc3280_version_2(1),
11 rfc3280_version_3(2)
12 }
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47 rsadsi(113549) 3 }
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
55 id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
56 oiw(14) secsig(3) algorithm(2) 29 }
58 id-nistAlgorithm OBJECT IDENTIFIER ::= {
59 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
61 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
63 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
64 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
65 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
67 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
69 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
70 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
71 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
72 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
74 id-dhpublicnumber OBJECT IDENTIFIER ::= {
75 iso(1) member-body(2) us(840) ansi-x942(10046)
76 number-type(2) 1 }
78 -- ECC
80 id-ecPublicKey OBJECT IDENTIFIER ::= {
81 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
83 id-ecDH OBJECT IDENTIFIER ::= {
84 iso(1) identified-organization(3) certicom(132) schemes(1)
85 ecdh(12) }
87 id-ecMQV OBJECT IDENTIFIER ::= {
88 iso(1) identified-organization(3) certicom(132) schemes(1)
89 ecmqv(13) }
91 id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
92 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
93 ecdsa-with-SHA2(3) 2 }
95 id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
96 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
98 -- some EC group ids
100 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
101 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
102 prime(1) 7 }
104 id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
105 iso(1) identified-organization(3) certicom(132) 0 8 }
107 id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
108 iso(1) identified-organization(3) certicom(132) 0 30 }
110 -- DSA
112 id-x9-57 OBJECT IDENTIFIER ::= {
113 iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
115 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
116 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
118 -- x.520 names types
120 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
122 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
123 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
124 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
125 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
126 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
127 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
128 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
129 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
130 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
131 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
132 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
133 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
134 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
135 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
136 -- RFC 2247
137 id-Userid OBJECT IDENTIFIER ::=
138 { 0 9 2342 19200300 100 1 1 }
139 id-domainComponent OBJECT IDENTIFIER ::=
140 { 0 9 2342 19200300 100 1 25 }
143 -- rfc3280
145 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
147 AlgorithmIdentifier ::= SEQUENCE {
148 algorithm OBJECT IDENTIFIER,
149 parameters heim_any OPTIONAL
150 }
152 AttributeType ::= OBJECT IDENTIFIER
154 AttributeValue ::= heim_any
156 DirectoryString ::= CHOICE {
157 ia5String IA5String,
158 teletexString TeletexString,
159 printableString PrintableString,
160 universalString UniversalString,
161 utf8String UTF8String,
162 bmpString BMPString
163 }
165 Attribute ::= SEQUENCE {
166 type AttributeType,
167 value SET OF -- AttributeValue -- heim_any
168 }
170 AttributeTypeAndValue ::= SEQUENCE {
171 type AttributeType,
172 value DirectoryString
173 }
175 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
177 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
179 Name ::= CHOICE {
180 rdnSequence RDNSequence
181 }
183 CertificateSerialNumber ::= INTEGER
185 Time ::= CHOICE {
186 utcTime UTCTime,
187 generalTime GeneralizedTime
188 }
190 Validity ::= SEQUENCE {
191 notBefore Time,
192 notAfter Time
193 }
195 UniqueIdentifier ::= BIT STRING
197 SubjectPublicKeyInfo ::= SEQUENCE {
198 algorithm AlgorithmIdentifier,
199 subjectPublicKey BIT STRING
200 }
202 Extension ::= SEQUENCE {
203 extnID OBJECT IDENTIFIER,
204 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
205 extnValue OCTET STRING
206 }
208 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
210 TBSCertificate ::= SEQUENCE {
211 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
212 serialNumber CertificateSerialNumber,
213 signature AlgorithmIdentifier,
214 issuer Name,
215 validity Validity,
216 subject Name,
217 subjectPublicKeyInfo SubjectPublicKeyInfo,
218 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
219 -- If present, version shall be v2 or v3
220 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
221 -- If present, version shall be v2 or v3
222 extensions [3] EXPLICIT Extensions OPTIONAL
223 -- If present, version shall be v3
224 }
226 Certificate ::= SEQUENCE {
227 tbsCertificate TBSCertificate,
228 signatureAlgorithm AlgorithmIdentifier,
229 signatureValue BIT STRING
230 }
232 Certificates ::= SEQUENCE OF Certificate
234 ValidationParms ::= SEQUENCE {
235 seed BIT STRING,
236 pgenCounter INTEGER
237 }
239 DomainParameters ::= SEQUENCE {
240 p INTEGER, -- odd prime, p=jq +1
241 g INTEGER, -- generator, g
242 q INTEGER, -- factor of p-1
243 j INTEGER OPTIONAL, -- subgroup factor
244 validationParms ValidationParms OPTIONAL -- ValidationParms
245 }
247 -- As defined by PKCS3
248 DHParameter ::= SEQUENCE {
249 prime INTEGER, -- odd prime, p=jq +1
250 base INTEGER, -- generator, g
251 privateValueLength INTEGER OPTIONAL
252 }
254 DHPublicKey ::= INTEGER
256 OtherName ::= SEQUENCE {
257 type-id OBJECT IDENTIFIER,
258 value [0] EXPLICIT heim_any
259 }
261 GeneralName ::= CHOICE {
262 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
263 type-id OBJECT IDENTIFIER,
264 value [0] EXPLICIT heim_any
265 },
266 rfc822Name [1] IMPLICIT IA5String,
267 dNSName [2] IMPLICIT IA5String,
268 -- x400Address [3] IMPLICIT ORAddress,--
269 directoryName [4] IMPLICIT -- Name -- CHOICE {
270 rdnSequence RDNSequence
271 },
272 -- ediPartyName [5] IMPLICIT EDIPartyName, --
273 uniformResourceIdentifier [6] IMPLICIT IA5String,
274 iPAddress [7] IMPLICIT OCTET STRING,
275 registeredID [8] IMPLICIT OBJECT IDENTIFIER
276 }
278 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
280 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
282 KeyUsage ::= BIT STRING {
283 digitalSignature (0),
284 nonRepudiation (1),
285 keyEncipherment (2),
286 dataEncipherment (3),
287 keyAgreement (4),
288 keyCertSign (5),
289 cRLSign (6),
290 encipherOnly (7),
291 decipherOnly (8)
292 }
294 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
296 KeyIdentifier ::= OCTET STRING
298 AuthorityKeyIdentifier ::= SEQUENCE {
299 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
300 authorityCertIssuer [1] IMPLICIT -- GeneralName --
301 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
302 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
303 }
305 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
307 SubjectKeyIdentifier ::= KeyIdentifier
309 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
311 BasicConstraints ::= SEQUENCE {
312 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
313 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
314 }
316 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
318 BaseDistance ::= INTEGER -- (0..MAX) --
320 GeneralSubtree ::= SEQUENCE {
321 base GeneralName,
322 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
323 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
324 }
326 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
328 NameConstraints ::= SEQUENCE {
329 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
330 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
331 }
333 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
334 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
335 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
336 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
337 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
338 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
339 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
341 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
343 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
345 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
346 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
347 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
348 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
349 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
350 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
351 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
353 DistributionPointReasonFlags ::= BIT STRING {
354 unused (0),
355 keyCompromise (1),
356 cACompromise (2),
357 affiliationChanged (3),
358 superseded (4),
359 cessationOfOperation (5),
360 certificateHold (6),
361 privilegeWithdrawn (7),
362 aACompromise (8)
363 }
365 DistributionPointName ::= CHOICE {
366 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
367 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
368 }
370 DistributionPoint ::= SEQUENCE {
371 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
372 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
373 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
374 }
376 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
379 -- rfc3279
381 DSASigValue ::= SEQUENCE {
382 r INTEGER,
383 s INTEGER
384 }
386 DSAPublicKey ::= INTEGER
388 DSAParams ::= SEQUENCE {
389 p INTEGER,
390 q INTEGER,
391 g INTEGER
392 }
394 -- draft-ietf-pkix-ecc-subpubkeyinfo-11
396 ECPoint ::= OCTET STRING
398 ECParameters ::= CHOICE {
399 namedCurve OBJECT IDENTIFIER
400 -- implicitCurve NULL
401 -- specifiedCurve SpecifiedECDomain
402 }
404 ECDSA-Sig-Value ::= SEQUENCE {
405 r INTEGER,
406 s INTEGER
407 }
409 -- really pkcs1
411 RSAPublicKey ::= SEQUENCE {
412 modulus INTEGER, -- n
413 publicExponent INTEGER -- e
414 }
416 RSAPrivateKey ::= SEQUENCE {
417 version INTEGER (0..4294967295),
418 modulus INTEGER, -- n
419 publicExponent INTEGER, -- e
420 privateExponent INTEGER, -- d
421 prime1 INTEGER, -- p
422 prime2 INTEGER, -- q
423 exponent1 INTEGER, -- d mod (p-1)
424 exponent2 INTEGER, -- d mod (q-1)
425 coefficient INTEGER -- (inverse of q) mod p
426 }
428 DigestInfo ::= SEQUENCE {
429 digestAlgorithm AlgorithmIdentifier,
430 digest OCTET STRING
431 }
433 -- some ms ext
435 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
437 -- UNICODESTRING (0x1E tag)
439 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
441 -- TemplateVersion ::= INTEGER (0..4294967295)
443 -- CertificateTemplate ::= SEQUENCE {
444 -- templateID OBJECT IDENTIFIER,
445 -- templateMajorVersion TemplateVersion,
446 -- templateMinorVersion TemplateVersion OPTIONAL
447 -- }
450 --
451 -- CRL
452 --
454 TBSCRLCertList ::= SEQUENCE {
455 version Version OPTIONAL, -- if present, MUST be v2
456 signature AlgorithmIdentifier,
457 issuer Name,
458 thisUpdate Time,
459 nextUpdate Time OPTIONAL,
460 revokedCertificates SEQUENCE OF SEQUENCE {
461 userCertificate CertificateSerialNumber,
462 revocationDate Time,
463 crlEntryExtensions Extensions OPTIONAL
464 -- if present, MUST be v2
465 } OPTIONAL,
466 crlExtensions [0] EXPLICIT Extensions OPTIONAL
467 -- if present, MUST be v2
468 }
471 CRLCertificateList ::= SEQUENCE {
472 tbsCertList TBSCRLCertList,
473 signatureAlgorithm AlgorithmIdentifier,
474 signatureValue BIT STRING
475 }
477 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
478 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
479 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
481 CRLReason ::= ENUMERATED {
482 unspecified (0),
483 keyCompromise (1),
484 cACompromise (2),
485 affiliationChanged (3),
486 superseded (4),
487 cessationOfOperation (5),
488 certificateHold (6),
489 removeFromCRL (8),
490 privilegeWithdrawn (9),
491 aACompromise (10)
492 }
494 PKIXXmppAddr ::= UTF8String
496 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
497 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
499 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
500 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
501 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
503 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
504 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
505 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
506 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
507 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
508 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
510 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
512 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
514 AccessDescription ::= SEQUENCE {
515 accessMethod OBJECT IDENTIFIER,
516 accessLocation GeneralName
517 }
519 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
521 -- RFC 3820 Proxy Certificate Profile
523 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
525 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
527 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
528 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
529 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
531 ProxyPolicy ::= SEQUENCE {
532 policyLanguage OBJECT IDENTIFIER,
533 policy OCTET STRING OPTIONAL
534 }
536 ProxyCertInfo ::= SEQUENCE {
537 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
538 proxyPolicy ProxyPolicy
539 }
541 --- U.S. Federal PKI Common Policy Framework
542 -- Card Authentication key
543 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
544 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
546 --- Netscape extentions
548 id-netscape OBJECT IDENTIFIER ::=
549 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
550 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
552 --- MS extentions
554 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
555 { 1 3 6 1 4 1 311 20 2 }
557 id-ms-client-authentication OBJECT IDENTIFIER ::=
558 { 1 3 6 1 5 5 7 3 2 }
560 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
562 END