1PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1) 2 security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)} 3 4 5DEFINITIONS EXPLICIT TAGS ::= 6 7BEGIN 8 9-- EXPORTS ALL -- 10 11IMPORTS 12 authorityKeyIdentifier, subjectKeyIdentifier, keyUsage, 13 extendedKeyUsage, privateKeyUsagePeriod, certificatePolicies, 14 policyMappings, subjectAltName, issuerAltName, 15 basicConstraints, nameConstraints, policyConstraints, 16 cRLDistributionPoints, subjectDirectoryAttributes, 17 cRLNumber, reasonCode, instructionCode, invalidityDate, 18 issuingDistributionPoint, certificateIssuer, 19 deltaCRLIndicator, authorityInfoAccess, id-ce 20 FROM PKIX1Implicit93 {iso(1) identified-organization(3) 21 dod(6) internet(1) security(5) mechanisms(5) pkix(7) 22 id-mod(0) id-pkix1-implicit-93(4)} ; 23 24-- 25 -- Locally defined OIDs -- 26 27id-pkix OBJECT IDENTIFIER ::= 28 { iso(1) identified-organization(3) dod(6) internet(1) 29 security(5) mechanisms(5) pkix(7) } 30 31-- PKIX arcs 32-- arc for private certificate extensions 33id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 34 -- arc for policy qualifier types 35id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 36-- arc for extended key purpose OIDS 37id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } 38-- arc for access descriptors 39id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } 40 41-- policyQualifierIds for Internet policy qualifiers 42id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } 43 -- OID for CPS qualifier 44 45id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } 46 -- OID for user notice qualifier 47 48-- based on excerpts from AuthenticationFramework 49-- {joint-iso-ccitt ds(5) modules(1) authenticationFramework(7) 2} 50 51 -- Public Key Certificate -- 52 53Certificate ::= SIGNED { SEQUENCE { 54 version [0] Version DEFAULT v1, 55 serialNumber CertificateSerialNumber, 56 signature AlgorithmIdentifier, 57 issuer Name, 58 validity Validity, 59 subject Name, 60 subjectPublicKeyInfo SubjectPublicKeyInfo, 61 issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL, 62 ---if present, version shall be v2 or v3-- 63 subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL, 64 ---if present, version shall be v2 or v3-- 65 extensions [3] Extensions OPTIONAL 66 --if present, version shall be v3--} } 67 68UniqueIdentifier ::= BIT STRING 69 70Version ::= INTEGER { v1(0), v2(1), v3(2) } 71 72CertificateSerialNumber ::= INTEGER 73 74Validity ::= SEQUENCE { 75 notBefore Time, 76 notAfter Time } 77 78Time ::= CHOICE { 79 utcTime UTCTime, 80 generalTime GeneralizedTime } 81 82SubjectPublicKeyInfo ::= SEQUENCE{ 83 algorithm AlgorithmIdentifier, 84 subjectPublicKey BIT STRING} 85 86Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 87 88Extension ::= SEQUENCE { 89 extnId EXTENSION.&id ({ExtensionSet}), 90 critical BOOLEAN DEFAULT FALSE, 91 extnValue OCTET STRING } 92 -- contains a DER encoding of a value of type 93 -- &ExtnType for the 94 -- extension object identified by extnId -- 95 96-- The following information object set is defined to constrain the 97-- set of legal certificate extensions. 98 99ExtensionSet EXTENSION ::= { authorityKeyIdentifier | 100 subjectKeyIdentifier | 101 keyUsage | 102 extendedKeyUsage | 103 privateKeyUsagePeriod | 104 certificatePolicies | 105 policyMappings | 106 subjectAltName | 107 issuerAltName | 108 basicConstraints | 109 nameConstraints | 110 policyConstraints | 111 cRLDistributionPoints | 112 subjectDirectoryAttributes | 113 authorityInfoAccess } 114 115EXTENSION ::= CLASS { 116 &id OBJECT IDENTIFIER UNIQUE, 117 &ExtnType } 118WITH SYNTAX { 119 SYNTAX &ExtnType 120 IDENTIFIED BY &id } 121 122 -- Certificate Revocation List -- 123 124CertificateList ::= SIGNED { SEQUENCE { 125 version Version OPTIONAL, -- if present, shall be v2 126 signature AlgorithmIdentifier, 127 issuer Name, 128 thisUpdate Time, 129 nextUpdate Time OPTIONAL, 130 revokedCertificates SEQUENCE OF SEQUENCE { 131 userCertificate CertificateSerialNumber, 132 revocationDate Time, 133 crlEntryExtensions EntryExtensions OPTIONAL } OPTIONAL, 134 crlExtensions [0] CRLExtensions OPTIONAL }} 135 136CRLExtensions ::= SEQUENCE SIZE (1..MAX) OF CRLExtension 137 138CRLExtension ::= SEQUENCE { 139 extnId EXTENSION.&id ({CRLExtensionSet}), 140 critical BOOLEAN DEFAULT FALSE, 141 extnValue OCTET STRING } 142 -- contains a DER encoding of a value of type 143 -- &ExtnType for the 144 -- extension object identified by extnId -- 145 146-- The following information object set is defined to constrain the 147-- set of legal CRL extensions. 148 149CRLExtensionSet EXTENSION ::= { authorityKeyIdentifier | 150 issuerAltName | 151 cRLNumber | 152 deltaCRLIndicator | 153 issuingDistributionPoint } 154 155-- EXTENSION defined above for certificates 156 157EntryExtensions ::= SEQUENCE SIZE (1..MAX) OF EntryExtension 158 159EntryExtension ::= SEQUENCE { 160 extnId EXTENSION.&id ({EntryExtensionSet}), 161 critical BOOLEAN DEFAULT FALSE, 162 extnValue OCTET STRING } 163 -- contains a DER encoding of a value of type 164 -- &ExtnType for the 165 -- extension object identified by extnId -- 166 167-- The following information object set is defined to constrain the 168-- set of legal CRL entry extensions. 169 170EntryExtensionSet EXTENSION ::= { reasonCode | 171 instructionCode | 172 invalidityDate | 173 certificateIssuer } 174 175 -- information object classes used in the defintion -- 176 -- of certificates and CRLs -- 177 178-- Parameterized Type SIGNED -- 179 180 SIGNED { ToBeSigned } ::= SEQUENCE { 181 toBeSigned ToBeSigned, 182 algorithm AlgorithmIdentifier, 183 signature BIT STRING 184 } 185 186-- Definition of AlgorithmIdentifier 187-- ISO definition was: 188-- 189-- AlgorithmIdentifier ::= SEQUENCE { 190-- algorithm ALGORITHM.&id({SupportedAlgorithms}), 191-- parameters ALGORITHM.&Type({SupportedAlgorithms} 192-- { @algorithm}) OPTIONAL } 193-- Definition of ALGORITHM 194-- ALGORITHM ::= TYPE-IDENTIFIER 195 196-- The following PKIX definition replaces the X.509 definition 197-- 198 199AlgorithmIdentifier ::= SEQUENCE { 200 algorithm ALGORITHM-ID.&id({SupportedAlgorithms}), 201 parameters ALGORITHM-ID.&Type({SupportedAlgorithms} 202 { @algorithm}) OPTIONAL } 203 204-- Definition of ALGORITHM-ID 205 206 ALGORITHM-ID ::= CLASS { 207 &id OBJECT IDENTIFIER UNIQUE, 208 &Type OPTIONAL 209 } 210 WITH SYNTAX { OID &id [PARMS &Type] } 211 212-- The definition of SupportedAlgorithms may be modified as this 213-- document does not specify a mandatory algorithm set. In addition, 214-- the set is specified as extensible, since additional algorithms 215-- may be supported 216 217SupportedAlgorithms ALGORITHM-ID ::= { ..., -- extensible 218 rsaPublicKey | 219 rsaSHA-1 | 220 rsaMD5 | 221 rsaMD2 | 222 dssPublicKey | 223 dsaSHA-1 | 224 dhPublicKey } 225 226-- OIDs and parameter structures for ALGORITHM-IDs used 227-- in this specification 228 229rsaPublicKey ALGORITHM-ID ::= { OID rsaEncryption PARMS NULL } 230 231rsaSHA-1 ALGORITHM-ID ::= { OID sha1WithRSAEncryption PARMS NULL } 232 233rsaMD5 ALGORITHM-ID ::= { OID md5WithRSAEncryption PARMS NULL } 234 235rsaMD2 ALGORITHM-ID ::= { OID md2WithRSAEncryption PARMS NULL } 236 237dssPublicKey ALGORITHM-ID ::= { OID id-dsa PARMS Dss-Parms } 238 239dsaSHA-1 ALGORITHM-ID ::= { OID id-dsa-with-sha1 } 240 241dhPublicKey ALGORITHM-ID ::= {OID dhpublicnumber PARMS DomainParameters} 242 243-- algorithm identifiers and parameter structures 244 245pkcs-1 OBJECT IDENTIFIER ::= { 246 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } 247 248rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } 249 250md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } 251 252md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } 253 254sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } 255 256id-dsa-with-sha1 OBJECT IDENTIFIER ::= { 257 iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } 258 259Dss-Sig-Value ::= SEQUENCE { 260 r INTEGER, 261 s INTEGER } 262 263dhpublicnumber OBJECT IDENTIFIER ::= { 264 iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } 265 266DomainParameters ::= SEQUENCE { 267 p INTEGER, -- odd prime, p=jq +1 268 g INTEGER, -- generator, g 269 q INTEGER, -- factor of p-1 270 j INTEGER OPTIONAL, -- subgroup factor, j>= 2 271 validationParms ValidationParms OPTIONAL } 272 273ValidationParms ::= SEQUENCE { 274 seed BIT STRING, 275 pgenCounter INTEGER } 276 277id-dsa OBJECT IDENTIFIER ::= { 278 iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } 279 280Dss-Parms ::= SEQUENCE { 281 p INTEGER, 282 q INTEGER, 283 g INTEGER } 284 285 -- The ASN.1 in this section supports the Name type 286 -- and the directoryAttribute extension 287 288-- attribute data types -- 289 290Attribute ::= SEQUENCE { 291 type ATTRIBUTE.&id ({SupportedAttributes}), 292 values SET SIZE (1 .. MAX) OF ATTRIBUTE.&Type 293 ({SupportedAttributes}{@type})} 294 295AttributeTypeAndValue ::= SEQUENCE { 296 type ATTRIBUTE.&id ({SupportedAttributes}), 297 value ATTRIBUTE.&Type ({SupportedAttributes}{@type})} 298 299-- naming data types -- 300 301Name ::= CHOICE { -- only one possibility for now -- 302 rdnSequence RDNSequence } 303 304RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 305 306RelativeDistinguishedName ::= 307 SET SIZE (1 .. MAX) OF AttributeTypeAndValue 308 309ID ::= OBJECT IDENTIFIER 310 311-- ATTRIBUTE information object class specification 312-- Note: This has been greatly simplified for PKIX !! 313 314ATTRIBUTE ::= CLASS { 315 &Type, 316 &id OBJECT IDENTIFIER UNIQUE } 317WITH SYNTAX { 318 WITH SYNTAX &Type ID &id } 319 320-- suggested naming attributes 321-- Definition of the following information object set may be 322-- augmented to meet local requirements. Note that deleting 323-- members of the set may prevent interoperability with 324-- conforming implementations. 325 326SupportedAttributes ATTRIBUTE ::= { 327 name | commonName | surname | givenName | initials | 328 generationQualifier | dnQualifier | countryName | 329 localityName | stateOrProvinceName | organizationName | 330 organizationalUnitName | title | pkcs9email } 331 332name ATTRIBUTE ::= { 333 WITH SYNTAX DirectoryString { ub-name } 334 ID id-at-name } 335 336commonName ATTRIBUTE ::= { 337 WITH SYNTAX DirectoryString {ub-common-name} 338 ID id-at-commonName } 339 340surname ATTRIBUTE ::= { 341 WITH SYNTAX DirectoryString {ub-name} 342 ID id-at-surname } 343 344givenName ATTRIBUTE ::= { 345 WITH SYNTAX DirectoryString {ub-name} 346 ID id-at-givenName } 347 348initials ATTRIBUTE ::= { 349 WITH SYNTAX DirectoryString {ub-name} 350 ID id-at-initials } 351 352generationQualifier ATTRIBUTE ::= { 353 WITH SYNTAX DirectoryString {ub-name} 354 ID id-at-generationQualifier} 355 356dnQualifier ATTRIBUTE ::= { 357 WITH SYNTAX PrintableString 358 ID id-at-dnQualifier } 359 360 361countryName ATTRIBUTE ::= { 362 WITH SYNTAX PrintableString (SIZE (2)) 363 -- IS 3166 codes only 364 ID id-at-countryName } 365 366localityName ATTRIBUTE ::= { 367 WITH SYNTAX DirectoryString {ub-locality-name} 368 ID id-at-localityName } 369 370stateOrProvinceName ATTRIBUTE ::= { 371 WITH SYNTAX DirectoryString {ub-state-name} 372 ID id-at-stateOrProvinceName } 373 374organizationName ATTRIBUTE ::= { 375 WITH SYNTAX DirectoryString {ub-organization-name} 376 ID id-at-organizationName } 377 378organizationalUnitName ATTRIBUTE ::= { 379 WITH SYNTAX DirectoryString {ub-organizational-unit-name} 380 ID id-at-organizationalUnitName } 381 382title ATTRIBUTE ::= { 383 WITH SYNTAX DirectoryString {ub-title} 384 ID id-at-title } 385 386 -- Legacy attributes 387 388pkcs9email ATTRIBUTE ::= { 389 WITH SYNTAX PHGString 390 ID emailAddress } 391 392PHGString ::= IA5String (SIZE(1..ub-emailaddress-length)) 393 394pkcs-9 OBJECT IDENTIFIER ::= 395 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } 396 397emailAddress OBJECT IDENTIFIER ::= { pkcs-9 1 } 398 399 -- object identifiers for Name type and directory attribute support 400 401-- Object identifier assignments -- 402 403id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} 404 405-- Attributes -- 406 407id-at-commonName OBJECT IDENTIFIER ::= {id-at 3} 408id-at-surname OBJECT IDENTIFIER ::= {id-at 4} 409id-at-countryName OBJECT IDENTIFIER ::= {id-at 6} 410id-at-localityName OBJECT IDENTIFIER ::= {id-at 7} 411id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8} 412id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10} 413id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11} 414id-at-title OBJECT IDENTIFIER ::= {id-at 12} 415id-at-name OBJECT IDENTIFIER ::= {id-at 41} 416id-at-givenName OBJECT IDENTIFIER ::= {id-at 42} 417id-at-initials OBJECT IDENTIFIER ::= {id-at 43} 418id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44} 419id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46} 420 421-- Directory string type, used extensively in Name types -- 422 423DirectoryString { INTEGER:maxSize } ::= CHOICE { 424 teletexString TeletexString (SIZE (1..maxSize)), 425 printableString PrintableString (SIZE (1..maxSize)), 426 universalString UniversalString (SIZE (1..maxSize)), 427 bmpString BMPString (SIZE(1..maxSize)), 428 utf8String UTF8String (SIZE(1..maxSize)) 429 } 430 431 -- End of ASN.1 for Name type and directory attribute support -- 432 433 -- The ASN.1 in this section supports X.400 style names -- 434 -- for implementations that use the x400Address component -- 435 -- of GeneralName. -- 436 437ORAddress ::= SEQUENCE { 438 built-in-standard-attributes BuiltInStandardAttributes, 439 built-in-domain-defined-attributes 440 BuiltInDomainDefinedAttributes OPTIONAL, 441 -- see also teletex-domain-defined-attributes 442 extension-attributes ExtensionAttributes OPTIONAL } 443 444-- The OR-address is semantically absent from the OR-name if the 445-- built-in-standard-attribute sequence is empty and the 446-- built-in-domain-defined-attributes and extension-attributes are 447-- both omitted. 448 449-- Built-in Standard Attributes 450 451BuiltInStandardAttributes ::= SEQUENCE { 452 country-name CountryName OPTIONAL, 453 administration-domain-name AdministrationDomainName OPTIONAL, 454 network-address [0] NetworkAddress OPTIONAL, 455 -- see also extended-network-address 456 terminal-identifier [1] TerminalIdentifier OPTIONAL, 457 private-domain-name [2] PrivateDomainName OPTIONAL, 458 organization-name [3] OrganizationName OPTIONAL, 459 -- see also teletex-organization-name 460 numeric-user-identifier [4] NumericUserIdentifier OPTIONAL, 461 personal-name [5] PersonalName OPTIONAL, 462 -- see also teletex-personal-name 463 organizational-unit-names [6] OrganizationalUnitNames OPTIONAL 464 -- see also teletex-organizational-unit-names -- } 465 466CountryName ::= [APPLICATION 1] CHOICE { 467 x121-dcc-code NumericString 468 (SIZE (ub-country-name-numeric-length)), 469 iso-3166-alpha2-code PrintableString 470 (SIZE (ub-country-name-alpha-length)) } 471 472AdministrationDomainName ::= [APPLICATION 2] CHOICE { 473 numeric NumericString (SIZE (0..ub-domain-name-length)), 474 printable PrintableString (SIZE (0..ub-domain-name-length)) } 475 476NetworkAddress ::= X121Address 477-- see also extended-network-address 478 479 480X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) 481 482TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length)) 483 484PrivateDomainName ::= CHOICE { 485 numeric NumericString (SIZE (1..ub-domain-name-length)), 486 printable PrintableString (SIZE (1..ub-domain-name-length)) } 487 488OrganizationName ::= PrintableString 489 (SIZE (1..ub-organization-name-length)) 490-- see also teletex-organization-name 491 492NumericUserIdentifier ::= NumericString 493 (SIZE (1..ub-numeric-user-id-length)) 494 495PersonalName ::= SET { 496 surname [0] PrintableString (SIZE (1..ub-surname-length)), 497 given-name [1] PrintableString 498 (SIZE (1..ub-given-name-length)) OPTIONAL, 499 initials [2] PrintableString 500 (SIZE (1..ub-initials-length)) OPTIONAL, 501 generation-qualifier [3] PrintableString 502 (SIZE (1..ub-generation-qualifier-length)) OPTIONAL} 503-- see also teletex-personal-name 504 505OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) 506 OF OrganizationalUnitName 507-- see also teletex-organizational-unit-names 508 509OrganizationalUnitName ::= PrintableString (SIZE 510 (1..ub-organizational-unit-name-length)) 511 512-- Built-in Domain-defined Attributes 513BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE 514 (1..ub-domain-defined-attributes) OF 515 BuiltInDomainDefinedAttribute 516 517BuiltInDomainDefinedAttribute ::= SEQUENCE { 518 type PrintableString (SIZE 519 (1..ub-domain-defined-attribute-type-length)), 520 value PrintableString (SIZE 521 (1..ub-domain-defined-attribute-value-length)) } 522 523-- Extension Attributes 524 525ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) 526 OF ExtensionAttribute 527ExtensionAttribute ::= SEQUENCE { 528 extension-attribute-type [0] EXTENSION-ATTRIBUTE.&id 529 ({ExtensionAttributeTable}), 530 extension-attribute-value [1] EXTENSION-ATTRIBUTE.&Type 531 ({ExtensionAttributeTable} {@extension-attribute-type}) } 532 533EXTENSION-ATTRIBUTE ::= CLASS { 534 &id INTEGER (0..ub-extension-attributes) UNIQUE, 535 &Type } 536WITH SYNTAX {&Type IDENTIFIED BY &id} 537 538ExtensionAttributeTable EXTENSION-ATTRIBUTE ::= { 539 common-name | 540 teletex-common-name | 541 teletex-organization-name | 542 teletex-personal-name | 543 teletex-organizational-unit-names | 544 teletex-domain-defined-attributes | 545 pds-name | 546 physical-delivery-country-name | 547 postal-code | 548 physical-delivery-office-name | 549 physical-delivery-office-number | 550 extension-OR-address-components | 551 physical-delivery-personal-name | 552 physical-delivery-organization-name | 553 extension-physical-delivery-address-components | 554 unformatted-postal-address | 555 street-address | 556 post-office-box-address | 557 poste-restante-address | 558 unique-postal-name | 559 local-postal-attributes | 560 extended-network-address | 561 terminal-type } 562 563-- Extension Standard Attributes 564 565common-name EXTENSION-ATTRIBUTE ::= {CommonName IDENTIFIED BY 1} 566 567CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) 568 569teletex-common-name EXTENSION-ATTRIBUTE ::= 570 {TeletexCommonName IDENTIFIED BY 2} 571 572TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) 573 574teletex-organization-name EXTENSION-ATTRIBUTE ::= 575 {TeletexOrganizationName IDENTIFIED BY 3} 576 577TeletexOrganizationName ::= 578 TeletexString (SIZE (1..ub-organization-name-length)) 579 580teletex-personal-name EXTENSION-ATTRIBUTE ::= 581 {TeletexPersonalName IDENTIFIED BY 4} 582 583TeletexPersonalName ::= SET { 584 surname [0] TeletexString (SIZE (1..ub-surname-length)), 585 given-name [1] TeletexString 586 (SIZE (1..ub-given-name-length)) OPTIONAL, 587 initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL, 588 generation-qualifier [3] TeletexString (SIZE 589 (1..ub-generation-qualifier-length)) OPTIONAL } 590 591teletex-organizational-unit-names EXTENSION-ATTRIBUTE ::= 592 {TeletexOrganizationalUnitNames IDENTIFIED BY 5} 593 594TeletexOrganizationalUnitNames ::= SEQUENCE SIZE 595 (1..ub-organizational-units) OF TeletexOrganizationalUnitName 596 597TeletexOrganizationalUnitName ::= TeletexString 598 (SIZE (1..ub-organizational-unit-name-length)) 599 600pds-name EXTENSION-ATTRIBUTE ::= {PDSName IDENTIFIED BY 7} 601 602PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) 603 604physical-delivery-country-name EXTENSION-ATTRIBUTE ::= 605 {PhysicalDeliveryCountryName IDENTIFIED BY 8} 606 607PhysicalDeliveryCountryName ::= CHOICE { 608 x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)), 609 iso-3166-alpha2-code PrintableString 610 (SIZE (ub-country-name-alpha-length)) } 611 612postal-code EXTENSION-ATTRIBUTE ::= {PostalCode IDENTIFIED BY 9} 613 614PostalCode ::= CHOICE { 615 numeric-code NumericString (SIZE (1..ub-postal-code-length)), 616 printable-code PrintableString (SIZE (1..ub-postal-code-length)) } 617 618physical-delivery-office-name EXTENSION-ATTRIBUTE ::= 619 {PhysicalDeliveryOfficeName IDENTIFIED BY 10} 620 621PhysicalDeliveryOfficeName ::= PDSParameter 622 623physical-delivery-office-number EXTENSION-ATTRIBUTE ::= 624 {PhysicalDeliveryOfficeNumber IDENTIFIED BY 11} 625 626PhysicalDeliveryOfficeNumber ::= PDSParameter 627 628extension-OR-address-components EXTENSION-ATTRIBUTE ::= 629 {ExtensionORAddressComponents IDENTIFIED BY 12} 630 631ExtensionORAddressComponents ::= PDSParameter 632 633physical-delivery-personal-name EXTENSION-ATTRIBUTE ::= 634 {PhysicalDeliveryPersonalName IDENTIFIED BY 13} 635 636PhysicalDeliveryPersonalName ::= PDSParameter 637 638physical-delivery-organization-name EXTENSION-ATTRIBUTE ::= 639 {PhysicalDeliveryOrganizationName IDENTIFIED BY 14} 640 641PhysicalDeliveryOrganizationName ::= PDSParameter 642 643extension-physical-delivery-address-components EXTENSION-ATTRIBUTE ::= 644 {ExtensionPhysicalDeliveryAddressComponents IDENTIFIED BY 15} 645 646ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter 647 648unformatted-postal-address EXTENSION-ATTRIBUTE ::= 649 {UnformattedPostalAddress IDENTIFIED BY 16} 650 651UnformattedPostalAddress ::= SET { 652 printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF 653 PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL, 654 teletex-string TeletexString (SIZE 655 (1..ub-unformatted-address-length)) OPTIONAL } 656 657street-address EXTENSION-ATTRIBUTE ::= 658 {StreetAddress IDENTIFIED BY 17} 659 660StreetAddress ::= PDSParameter 661 662post-office-box-address EXTENSION-ATTRIBUTE ::= 663 {PostOfficeBoxAddress IDENTIFIED BY 18} 664 665PostOfficeBoxAddress ::= PDSParameter 666 667poste-restante-address EXTENSION-ATTRIBUTE ::= 668 {PosteRestanteAddress IDENTIFIED BY 19} 669 670PosteRestanteAddress ::= PDSParameter 671 672unique-postal-name EXTENSION-ATTRIBUTE ::= 673 {UniquePostalName IDENTIFIED BY 20} 674 675UniquePostalName ::= PDSParameter 676 677local-postal-attributes EXTENSION-ATTRIBUTE ::= 678 {LocalPostalAttributes IDENTIFIED BY 21} 679 680LocalPostalAttributes ::= PDSParameter 681 682PDSParameter ::= SET { 683 printable-string PrintableString 684 (SIZE(1..ub-pds-parameter-length)) OPTIONAL, 685 teletex-string TeletexString 686 (SIZE(1..ub-pds-parameter-length)) OPTIONAL } 687 688extended-network-address EXTENSION-ATTRIBUTE ::= 689 {ExtendedNetworkAddress IDENTIFIED BY 22} 690 691ExtendedNetworkAddress ::= CHOICE { 692 e163-4-address SEQUENCE { 693 number [0] NumericString 694 (SIZE (1..ub-e163-4-number-length)), 695 sub-address [1] NumericString 696 (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL}, 697 psap-address [0] PresentationAddress } 698 699PresentationAddress ::= SEQUENCE { 700 pSelector [0] EXPLICIT OCTET STRING OPTIONAL, 701 sSelector [1] EXPLICIT OCTET STRING OPTIONAL, 702 tSelector [2] EXPLICIT OCTET STRING OPTIONAL, 703 nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING} 704 705 706terminal-type EXTENSION-ATTRIBUTE ::= {TerminalType IDENTIFIED BY 23} 707 708TerminalType ::= INTEGER { 709 telex (3), 710 teletex (4), 711 g3-facsimile (5), 712 g4-facsimile (6), 713 ia5-terminal (7), 714 videotex (8) } (0..ub-integer-options) 715 716-- Extension Domain-defined Attributes 717 718teletex-domain-defined-attributes EXTENSION-ATTRIBUTE ::= 719 {TeletexDomainDefinedAttributes IDENTIFIED BY 6} 720 721TeletexDomainDefinedAttributes ::= SEQUENCE SIZE 722 (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute 723 724TeletexDomainDefinedAttribute ::= SEQUENCE { 725 type TeletexString 726 (SIZE (1..ub-domain-defined-attribute-type-length)), 727 value TeletexString 728 (SIZE (1..ub-domain-defined-attribute-value-length)) } 729 730-- specifications of Upper Bounds 731-- shall be regarded as mandatory 732-- from Annex B of ITU-T X.411 733-- Reference Definition of MTS Parameter Upper Bounds 734 735-- Upper Bounds 736ub-name INTEGER ::= 32768 737ub-common-name INTEGER ::= 64 738ub-locality-name INTEGER ::= 128 739ub-state-name INTEGER ::= 128 740ub-organization-name INTEGER ::= 64 741ub-organizational-unit-name INTEGER ::= 64 742ub-title INTEGER ::= 64 743ub-match INTEGER ::= 128 744 745ub-emailaddress-length INTEGER ::= 128 746 747ub-common-name-length INTEGER ::= 64 748ub-country-name-alpha-length INTEGER ::= 2 749ub-country-name-numeric-length INTEGER ::= 3 750ub-domain-defined-attributes INTEGER ::= 4 751ub-domain-defined-attribute-type-length INTEGER ::= 8 752ub-domain-defined-attribute-value-length INTEGER ::= 128 753ub-domain-name-length INTEGER ::= 16 754ub-extension-attributes INTEGER ::= 256 755ub-e163-4-number-length INTEGER ::= 15 756ub-e163-4-sub-address-length INTEGER ::= 40 757ub-generation-qualifier-length INTEGER ::= 3 758ub-given-name-length INTEGER ::= 16 759ub-initials-length INTEGER ::= 5 760ub-integer-options INTEGER ::= 256 761ub-numeric-user-id-length INTEGER ::= 32 762ub-organization-name-length INTEGER ::= 64 763ub-organizational-unit-name-length INTEGER ::= 32 764ub-organizational-units INTEGER ::= 4 765ub-pds-name-length INTEGER ::= 16 766ub-pds-parameter-length INTEGER ::= 30 767ub-pds-physical-address-lines INTEGER ::= 6 768ub-postal-code-length INTEGER ::= 16 769ub-surname-length INTEGER ::= 40 770ub-terminal-id-length INTEGER ::= 24 771ub-unformatted-address-length INTEGER ::= 180 772ub-x121-address-length INTEGER ::= 16 773 774-- Note - upper bounds on TeletexString are measured in characters. 775-- A significantly greater number of octets will be required to hold 776-- such a value. As a minimum, 16 octets, or twice the specified upper 777-- bound, whichever is the larger, should be allowed. 778 779END 780