xref: /freebsd/crypto/heimdal/lib/asn1/rfc2459.asn1 (revision d6b92ffa)
1-- $Id$ --
2-- Definitions from rfc2459/rfc3280
3
4RFC2459 DEFINITIONS ::= BEGIN
5
6IMPORTS heim_any FROM heim;
7
-- Certificate and CRL version numbers. The encoded integer is one less than
-- the version it names: 0 is v1, 1 is v2, 2 is v3.
-- In standard ASN.1 the named numbers do not restrict the INTEGER, so other
-- values can still be encoded; rejecting them is left to the consumer.
8Version ::=  INTEGER {
9	rfc3280_version_1(0),
10	rfc3280_version_2(1),
11	rfc3280_version_3(2)
12}
13
-- PKCS #1 arc 1.2.840.113549.1.1: the RSA key type and the RSA signature
-- algorithm identifiers.
-- The md2, md5 and sha1 variants are defined so that they can be recognised.
-- MD2 and MD5 are broken for collision resistance and SHA-1 collisions have
-- been demonstrated, so whether a signature using them is accepted has to be
-- decided by verification policy, not by the OID being present in this list.
14id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15	rsadsi(113549) pkcs(1) 1 }
16id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=		{ id-pkcs-1 1 }
17id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 2 }
18id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 4 }
19id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 5 }
20id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 11 }
21id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 12 }
22id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 13 }
23
-- Resolves to 1.2.752.43.16.1, which is outside the PKCS #1 arc.
-- NOTE(review): the name suggests a Heimdal-specific identifier; confirm
-- where it is used before relying on it in algorithm checks.
24id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1  2 752 43 16 1 }
25
-- Two parallel sets of MD2/MD4/MD5 digest identifiers under different arcs.
-- id-pkcs-2 resolves to 1.2.840.113549.1.2 and id-rsa-digestAlgorithm to
-- 1.2.840.113549.2. The registered RSADSI digest OIDs are 1.2.840.113549.2.2,
-- .2.4 and .2.5, which is what the id-rsa-digest values below produce.
-- NOTE(review): the id-pkcs2 values do not match the registered digest OIDs;
-- confirm whether any algorithm comparison still depends on them.
-- MD2, MD4 and MD5 are all broken for collision resistance.
26id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27	rsadsi(113549) pkcs(1) 2 }
28id-pkcs2-md2 OBJECT IDENTIFIER ::=		{ id-pkcs-2 2 }
29id-pkcs2-md4 OBJECT IDENTIFIER ::=		{ id-pkcs-2 4 }
30id-pkcs2-md5 OBJECT IDENTIFIER ::=		{ id-pkcs-2 5 }
31
32id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
34
35id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
38
-- Two parallel sets of symmetric cipher identifiers under different arcs.
-- id-pkcs-3 resolves to 1.2.840.113549.1.3 and id-rsadsi-encalg to
-- 1.2.840.113549.3. The registered RSADSI cipher OIDs for RC2-CBC, RC4 and
-- DES-EDE3-CBC are 1.2.840.113549.3.2, .3.4 and .3.7, which is what the
-- id-rsadsi values below produce.
-- NOTE(review): the id-pkcs3 values sit under the PKCS #3 arc and do not
-- match the registered cipher OIDs; confirm whether they are still compared
-- against anywhere.
-- RC2 and RC4 are legacy ciphers; their presence here is for recognition and
-- does not make them suitable for protecting new data.
39id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40	rsadsi(113549) pkcs(1) 3 }
41
42id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=		{ id-pkcs-3 2 }
43id-pkcs3-rc4     OBJECT IDENTIFIER ::=		{ id-pkcs-3 4 }
44id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-pkcs-3 7 }
45
46id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47	rsadsi(113549) 3 }
48
49id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=		{ id-rsadsi-encalg 2 }
50id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-rsadsi-encalg 7 }
51
-- OIW secsig identifiers: 1.3.14.3.2.26 is the SHA-1 digest and
-- 1.3.14.3.2.29 is SHA-1 with RSA. The second is an alternative identifier
-- for the same algorithm as id-pkcs1-sha1WithRSAEncryption, so a policy that
-- refuses SHA-1 signatures has to cover both OIDs.
52id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53	oiw(14) secsig(3) algorithm(2) 26 }
54
55id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
56	oiw(14) secsig(3) algorithm(2) 29 }
57
-- NIST algorithm arc 2.16.840.1.101.3.4. Sub-arc 1 holds the AES modes and
-- sub-arc 2 the SHA-2 digests.
-- The three AES entries are the CBC modes only. CBC provides no integrity on
-- its own, so ciphertext identified by these OIDs needs separate
-- authentication.
58id-nistAlgorithm OBJECT IDENTIFIER ::= {
59   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
60
61id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
62
63id-aes-128-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 2 }
64id-aes-192-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 22 }
65id-aes-256-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 42 }
66
67id-nist-sha-algs OBJECT IDENTIFIER ::=		{ id-nistAlgorithm 2 }
68
-- The final arcs are not in size order: sha224 is 4, sha384 is 2, sha512 is 3.
69id-sha256 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 1 }
70id-sha224 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 4 }
71id-sha384 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 2 }
72id-sha512 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 3 }
73
-- X9.42 Diffie-Hellman public key type, 1.2.840.10046.2.1.
74id-dhpublicnumber OBJECT IDENTIFIER ::= {
75        iso(1) member-body(2) us(840) ansi-x942(10046)
76        number-type(2) 1 }
77
78-- ECC
79
-- Elliptic curve key type 1.2.840.10045.2.1.
80id-ecPublicKey OBJECT IDENTIFIER ::= {
81       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
82
-- Certicom scheme identifiers for ECDH, 1.3.132.1.12, and ECMQV, 1.3.132.1.13.
83id-ecDH OBJECT IDENTIFIER ::= {
84       iso(1) identified-organization(3) certicom(132) schemes(1)
85       ecdh(12) }
86
87id-ecMQV OBJECT IDENTIFIER ::= {
88       iso(1) identified-organization(3) certicom(132) schemes(1)
89       ecmqv(13) }
90
-- ECDSA signature algorithms. Only the SHA-256 and SHA-1 variants are defined
-- in this module; the SHA-1 one carries the same caveat as the RSA SHA-1
-- signature OIDs.
91id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
92     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
93     ecdsa-with-SHA2(3) 2 }
94
95id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
96     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
97
98-- some EC group ids
99
-- Named curve identifiers: secp256r1 is 1.2.840.10045.3.1.7, secp160r1 is
-- 1.3.132.0.8 and secp160r2 is 1.3.132.0.30.
-- The two 160 bit curves offer roughly 80 bits of security, below what is
-- normally accepted for new keys; being listed here only makes them
-- recognisable, and acceptance is a policy decision for the caller.
100id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
101       iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
102       prime(1) 7 }
103
104id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
105       iso(1) identified-organization(3) certicom(132) 0 8 }
106
107id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
108       iso(1) identified-organization(3) certicom(132) 0 30 }
109
110-- DSA
111
-- DSA key type and DSA with SHA-1 signature identifiers.
-- As written, id-x9-57 resolves to 1.2.840.10046.4, so id-dsa becomes
-- 1.2.840.10046.4.1 and id-dsa-with-sha1 becomes 1.2.840.10046.4.3.
-- NOTE(review): RFC 3279 registers these under x9-57(10040), that is
-- 1.2.840.10040.4.1 and 1.2.840.10040.4.3, while 10046 is the X9.42 arc used
-- for id-dhpublicnumber. Confirm whether 10046 here is intended; if it is
-- not, DSA keys and signatures carrying the registered OIDs will not match
-- these values.
112id-x9-57 OBJECT IDENTIFIER ::= {
113        iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
114
115id-dsa OBJECT IDENTIFIER ::=		{ id-x9-57 1 }
116id-dsa-with-sha1 OBJECT IDENTIFIER ::=		{ id-x9-57 3 }
117
118-- x.520 names types
119
-- X.520 attribute type arc 2.5.4 and the naming attributes used in
-- distinguished names. These identify the components of issuer and subject
-- names; which of them an application trusts for identity decisions is up to
-- the application.
120id-x520-at 	OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
121
122id-at-commonName		OBJECT IDENTIFIER ::= { id-x520-at 3 }
123id-at-surname			OBJECT IDENTIFIER ::= { id-x520-at 4 }
124id-at-serialNumber		OBJECT IDENTIFIER ::= { id-x520-at 5 }
125id-at-countryName		OBJECT IDENTIFIER ::= { id-x520-at 6 }
126id-at-localityName		OBJECT IDENTIFIER ::= { id-x520-at 7 }
127id-at-stateOrProvinceName	OBJECT IDENTIFIER ::= { id-x520-at 8 }
128id-at-streetAddress		OBJECT IDENTIFIER ::= { id-x520-at 9 }
129id-at-organizationName		OBJECT IDENTIFIER ::= { id-x520-at 10 }
130id-at-organizationalUnitName	OBJECT IDENTIFIER ::= { id-x520-at 11 }
131id-at-name			OBJECT IDENTIFIER ::= { id-x520-at 41 }
132id-at-givenName			OBJECT IDENTIFIER ::= { id-x520-at 42 }
133id-at-initials			OBJECT IDENTIFIER ::= { id-x520-at 43 }
134id-at-generationQualifier	OBJECT IDENTIFIER ::= { id-x520-at 44 }
135id-at-pseudonym			OBJECT IDENTIFIER ::= { id-x520-at 65 }
136-- RFC 2247
-- Both values below are written in numeric form only: 0.9.2342.19200300.100.1.1
-- for the user id and 0.9.2342.19200300.100.1.25 for the domain component.
137id-Userid		      	OBJECT IDENTIFIER ::=
138                          { 0 9 2342 19200300 100 1 1 }
139id-domainComponent      	OBJECT IDENTIFIER ::=
140                          { 0 9 2342 19200300 100 1 25 }
141
142
143-- rfc3280
144
-- Certificate and CRL extension arc 2.5.29; the id-x509-ce values later in
-- this module are all defined relative to it.
145id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
146
-- An algorithm OID plus optional algorithm-specific parameters.
-- parameters is heim_any, so this type does not interpret it. Code that acts
-- on an AlgorithmIdentifier has to decode and validate the parameters for the
-- specific algorithm itself, including the absent case.
147AlgorithmIdentifier ::= SEQUENCE {
148	algorithm	OBJECT IDENTIFIER,
149	parameters	heim_any OPTIONAL
150}
151
-- An attribute is named by an OID.
152AttributeType ::=   OBJECT IDENTIFIER
153
-- An attribute value is carried as heim_any, so its content is not
-- interpreted by this type.
154AttributeValue ::=   heim_any
155
-- The string encodings accepted for a name attribute value.
-- The same visible text can be encoded under several of these alternatives,
-- so comparing names by raw encoding and comparing them by decoded text can
-- give different answers.
-- NOTE(review): RFC 3280 defines DirectoryString without the ia5String
-- alternative; it looks like a local addition, confirm the reason.
156DirectoryString ::= CHOICE {
157	ia5String	IA5String,
158	teletexString	TeletexString,
159	printableString	PrintableString,
160	universalString UniversalString,
161	utf8String	UTF8String,
162	bmpString	BMPString
163}
164
-- A general attribute: a type OID and a set of values kept as heim_any.
165Attribute ::= SEQUENCE {
166        type    AttributeType,
167        value   SET OF -- AttributeValue -- heim_any
168}
169
-- One component of a distinguished name.
-- value is declared as DirectoryString rather than an open type, so only the
-- string alternatives of DirectoryString are accepted here.
-- NOTE(review): presumably a name attribute with a non-string value fails to
-- decode; confirm how callers handle that error.
170AttributeTypeAndValue ::= SEQUENCE {
171        type    AttributeType,
172        value   DirectoryString
173}
174
-- A relative distinguished name is a set of attribute and value pairs.
175RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
176
-- An ordered sequence of relative distinguished names.
177RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
178
-- A distinguished name. The CHOICE has a single alternative, rdnSequence.
-- Issuer and subject names are matched against each other when chains are
-- built, so the comparison rules applied to this type are security relevant.
179Name ::= CHOICE {
180	rdnSequence  RDNSequence
181}
182
-- Certificate serial number, an unconstrained INTEGER.
183CertificateSerialNumber ::= INTEGER
184
-- A point in time in either of the two ASN.1 time encodings. UTCTime carries
-- a two digit year, so the century has to be inferred by the consumer.
185Time ::= CHOICE {
186     utcTime        UTCTime,
187     generalTime    GeneralizedTime
188}
189
-- The certificate validity period. The schema does not require notBefore to
-- precede notAfter; checking the period against the current time is left to
-- validation code.
190Validity ::= SEQUENCE {
191     notBefore      Time,
192     notAfter       Time
193}
194
-- Issuer and subject unique identifiers are bit strings.
195UniqueIdentifier  ::=  BIT STRING
196
-- A public key: the algorithm identifier and the key bits.
-- subjectPublicKey is an opaque BIT STRING at this level; its content has to
-- be decoded according to algorithm, for example as RSAPublicKey, ECPoint,
-- DSAPublicKey or DHPublicKey from this module.
197SubjectPublicKeyInfo  ::=  SEQUENCE  {
198     algorithm            AlgorithmIdentifier,
199     subjectPublicKey     BIT STRING
200}
201
-- One certificate or CRL extension: its OID, criticality and encoded value.
-- critical is declared OPTIONAL where RFC 3280 has DEFAULT FALSE, as the XXX
-- comment records. An absent field therefore has to be read as FALSE by the
-- consumer, and an explicitly encoded FALSE is accepted by this definition.
-- extnValue is an opaque OCTET STRING that has to be decoded per extnID.
-- RFC 3280 requires a certificate to be rejected when it carries a critical
-- extension the validator does not recognise or cannot process.
202Extension  ::=  SEQUENCE  {
203     extnID      OBJECT IDENTIFIER,
204     critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
205     extnValue   OCTET STRING
206}
207
-- A non-empty list of extensions. The schema does not forbid two entries
-- with the same extnID; RFC 3280 does, so that check belongs to validation.
208Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
209
-- The signed portion of a certificate.
-- version is OPTIONAL here instead of DEFAULT v1, so an absent version has to
-- be read as v1 by the consumer.
-- The version rules written next to issuerUniqueID, subjectUniqueID and
-- extensions are comments only; the schema accepts those fields with any
-- version, so the check has to be made by validation code.
-- signature names the algorithm the issuer used and is covered by the
-- signature itself, unlike the outer Certificate signatureAlgorithm field.
210TBSCertificate  ::=  SEQUENCE  {
211     version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
212     serialNumber         CertificateSerialNumber,
213     signature            AlgorithmIdentifier,
214     issuer               Name,
215     validity             Validity,
216     subject              Name,
217     subjectPublicKeyInfo SubjectPublicKeyInfo,
218     issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
219                          -- If present, version shall be v2 or v3
220     subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
221                          -- If present, version shall be v2 or v3
222     extensions      [3]  EXPLICIT Extensions OPTIONAL
223                          -- If present, version shall be v3
224}
225
-- A complete certificate: the signed content, the signature algorithm and
-- the signature bits.
-- signatureAlgorithm sits outside the signed content. RFC 3280 requires it to
-- equal tbsCertificate.signature; the schema cannot express that, so the
-- comparison has to be made before the signature is verified.
-- The signature covers the encoded bytes of tbsCertificate, so verification
-- should use the bytes as received rather than a re-encoding.
226Certificate  ::=  SEQUENCE  {
227     tbsCertificate       TBSCertificate,
228     signatureAlgorithm   AlgorithmIdentifier,
229     signatureValue       BIT STRING
230}
231
-- A list of certificates; the definition allows it to be empty.
232Certificates ::= SEQUENCE OF Certificate
233
-- Seed and counter that allow the generation of the domain parameters to be
-- checked.
234ValidationParms ::= SEQUENCE {
235	seed		BIT STRING,
236	pgenCounter	INTEGER
237}
238
-- Diffie-Hellman domain parameters with an explicit subgroup order q.
-- Every field is a plain INTEGER; primality, size and the relation between
-- p, q and g stated in the comments are not enforced by the schema and have
-- to be checked by the code that uses the parameters.
239DomainParameters ::= SEQUENCE {
240	p		INTEGER, -- odd prime, p=jq +1
241	g		INTEGER, -- generator, g
242	q		INTEGER, -- factor of p-1
243	j		INTEGER OPTIONAL, -- subgroup factor
244	validationParms	ValidationParms OPTIONAL -- ValidationParms
245}
246
247-- As defined by PKCS3
-- This form carries no subgroup order, so a peer value cannot be checked for
-- subgroup membership from these parameters alone.
248DHParameter ::= SEQUENCE {
249	prime		INTEGER, -- odd prime, p=jq +1
250	base		INTEGER, -- generator, g
251	privateValueLength INTEGER OPTIONAL
252}
253
-- A Diffie-Hellman public value. The schema places no bound on it; range
-- checks against the prime are the responsibility of the key agreement code.
254DHPublicKey ::= INTEGER
255
-- A name form identified by an OID, with the value kept as heim_any.
256OtherName ::= SEQUENCE {
257	type-id    OBJECT IDENTIFIER,
258	value      [0] EXPLICIT heim_any
259}
260
-- The name forms used in subject and issuer alternative names, name
-- constraints, access descriptions and CRL distribution points.
-- x400Address [3] and ediPartyName [5] are commented out.
-- NOTE(review): presumably a GeneralName using tag 3 or 5 fails to decode;
-- confirm that callers treat that failure as a rejection and not as an
-- absent name.
-- rfc822Name, dNSName and uniformResourceIdentifier are IA5String and the
-- schema does not restrict their content. They should be handled as
-- length-delimited data, and an embedded NUL should be rejected before the
-- value is compared with a host name or address.
-- iPAddress is an OCTET STRING of any length; the expected lengths for IPv4
-- and IPv6 have to be checked by the consumer.
-- NOTE(review): directoryName applies IMPLICIT to an inlined CHOICE; X.680
-- makes a tag on a CHOICE explicit on the wire, confirm the compiler treats
-- it that way.
261GeneralName ::= CHOICE {
262	otherName			[0]     IMPLICIT -- OtherName -- SEQUENCE {
263		type-id    OBJECT IDENTIFIER,
264		value      [0] EXPLICIT heim_any
265	},
266	rfc822Name			[1]     IMPLICIT IA5String,
267	dNSName				[2]     IMPLICIT IA5String,
268--	x400Address			[3]     IMPLICIT ORAddress,--
269	directoryName			[4]     IMPLICIT -- Name -- CHOICE {
270		rdnSequence  RDNSequence
271	},
272--	ediPartyName			[5]     IMPLICIT EDIPartyName, --
273	uniformResourceIdentifier	[6]     IMPLICIT IA5String,
274	iPAddress			[7]     IMPLICIT OCTET STRING,
275	registeredID			[8]     IMPLICIT OBJECT IDENTIFIER
276}
277
-- A non-empty list of general names.
278GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
279
-- Key usage extension, 2.5.29.15.
280id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }
281
-- The operations the certified key may be used for, as named bits.
-- The schema only names the bits. Enforcing them is the job of path
-- validation and of the code using the key; in particular RFC 3280 ties
-- keyCertSign to the cA flag of BasicConstraints, and cRLSign governs who may
-- sign CRLs.
282KeyUsage ::= BIT STRING {
283	digitalSignature	(0),
284	nonRepudiation		(1),
285	keyEncipherment		(2),
286	dataEncipherment	(3),
287	keyAgreement		(4),
288	keyCertSign		(5),
289	cRLSign			(6),
290	encipherOnly		(7),
291	decipherOnly		(8)
292}
293
-- Authority key identifier extension, 2.5.29.35.
294id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }
295
-- A key identifier is an opaque octet string.
296KeyIdentifier ::= OCTET STRING
297
-- Identifies the issuer key by key identifier, by issuer name plus serial
-- number, or both. All three fields are OPTIONAL and the SIZE constraint on
-- authorityCertIssuer is commented out.
-- RFC 3280 requires authorityCertIssuer and authorityCertSerialNumber to be
-- both present or both absent; the schema does not enforce that.
-- The content is a hint for selecting candidate issuer certificates. It is
-- supplied by the certificate being checked and does not replace verifying
-- the signature with the candidate issuer key.
298AuthorityKeyIdentifier ::= SEQUENCE {
299	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
300	authorityCertIssuer       [1] IMPLICIT -- GeneralName --
301		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
302	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
303}
304
-- Subject key identifier extension, 2.5.29.14.
305id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }
306
307SubjectKeyIdentifier ::= KeyIdentifier
308
-- Basic constraints extension, 2.5.29.19.
309id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }
310
-- Says whether the subject is a CA and how long a path below it may be.
-- cA is OPTIONAL where RFC 3280 has DEFAULT FALSE, so an absent field has to
-- be read as FALSE. A certificate without this extension, or with cA absent
-- or FALSE, must not be accepted as an issuer during path validation.
-- pathLenConstraint is limited to 0..4294967295 where RFC 3280 has 0..MAX.
-- NOTE(review): presumably a larger encoded value fails to decode; confirm
-- that the failure rejects the certificate.
311BasicConstraints ::= SEQUENCE {
312	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
313	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL
314}
315
-- Name constraints extension, 2.5.29.30.
316id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }
317
-- The range constraint is commented out, so this is an unconstrained INTEGER.
318BaseDistance ::= INTEGER -- (0..MAX) --
319
-- One permitted or excluded subtree.
-- RFC 3280 does not use minimum and maximum: minimum must be zero and
-- maximum must be absent. The schema accepts any values, so a validator that
-- ignores these fields should first check that they have the profile values.
320GeneralSubtree ::= SEQUENCE {
321	base			GeneralName,
322	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
323	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
324}
325
-- The SIZE constraint is commented out, so an empty list is accepted.
326GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
327
-- Restricts the names that may appear in certificates below a CA.
-- Both fields are OPTIONAL and inline GeneralSubtrees without a size
-- constraint. An excluded subtree takes precedence over a permitted one in
-- RFC 3280 path validation.
328NameConstraints ::= SEQUENCE {
329	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
330	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
331}
332
-- Further extension identifiers under 2.5.29.
-- This module defines the OID but no syntax for privateKeyUsagePeriod,
-- certificatePolicies, policyMappings, subjectDirectoryAttributes,
-- policyConstraints and inhibitAnyPolicy. An extension the validator cannot
-- process must cause rejection when it is marked critical.
333id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
334id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
335id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
336id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
337id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
338id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
339id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }
340
341id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
342
-- The purposes a key may be used for, as a list of purpose OIDs such as the
-- id-pkix-kp values in this module. No size constraint is given, so an empty
-- list is accepted by the schema.
343ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
344
-- CRL related extension identifiers.
345id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
346id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
347id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
348id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
349id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
350id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
351id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }
352
-- The revocation reasons a distribution point covers, as named bits.
353DistributionPointReasonFlags ::= BIT STRING {
354	unused                  (0),
355	keyCompromise           (1),
356	cACompromise            (2),
357	affiliationChanged      (3),
358	superseded              (4),
359	cessationOfOperation    (5),
360	certificateHold         (6),
361	privilegeWithdrawn      (7),
362	aACompromise            (8)
363}
364
-- The name of a distribution point, full or relative to the CRL issuer.
-- NOTE(review): nameRelativeToCRLIssuer carries tag 1 without IMPLICIT, and
-- this module declares no tag default, so the tag is explicit here. The
-- implicitly tagged module of RFC 3280 makes it implicit; confirm which
-- encoding is intended.
365DistributionPointName ::= CHOICE {
366	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
367	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
368}
369
-- One CRL distribution point.
-- All three fields are declared as heim_any, so this type does not decode
-- them; the comments name the types they are meant to hold. Code that uses a
-- field has to decode and validate it itself.
-- The locations named here come from the certificate under validation and
-- should be treated as untrusted input before anything is fetched from them.
370DistributionPoint ::= SEQUENCE {
371	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
372	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
373	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
374}
375
-- The extension value: a non-empty list of distribution points.
376CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
377
378
379-- rfc3279
380
-- A DSA signature as the pair r and s.
-- Both are unconstrained INTEGERs; the range checks on r and s that DSA
-- verification requires are not expressed here and belong to the verifier.
381DSASigValue  ::=  SEQUENCE {
382	r	INTEGER,
383	s	INTEGER
384}
385
-- A DSA public value.
386DSAPublicKey ::= INTEGER
387
-- DSA domain parameters p, q and g, all unconstrained INTEGERs. Size and
-- consistency checks are left to the code that uses them.
388DSAParams  ::=  SEQUENCE {
389	p	INTEGER,
390	q	INTEGER,
391	g	INTEGER
392}
393
394-- draft-ietf-pkix-ecc-subpubkeyinfo-11
395
-- An encoded elliptic curve point, opaque at this level. Checking that the
-- point is on the expected curve is the job of the code that decodes it.
396ECPoint ::= OCTET STRING
397
-- Elliptic curve parameters. Only namedCurve is defined; implicitCurve and
-- specifiedCurve are commented out.
-- NOTE(review): presumably a key with explicitly specified curve parameters
-- fails to decode. That keeps the set of accepted curves to known OIDs;
-- confirm the decode failure is treated as a rejection.
398ECParameters ::= CHOICE {
399	namedCurve         OBJECT IDENTIFIER
400	-- implicitCurve   NULL
401	-- specifiedCurve  SpecifiedECDomain
402}
403
-- An ECDSA signature as the pair r and s.
-- Both are unconstrained INTEGERs; the range checks on r and s against the
-- curve order belong to the verifier.
404ECDSA-Sig-Value ::= SEQUENCE {
405     r  INTEGER,
406     s  INTEGER
407}
408
409-- really pkcs1
410
-- An RSA public key: modulus and public exponent.
-- Both are unconstrained INTEGERs; minimum modulus size and exponent sanity
-- are policy checks for the code that accepts the key.
411RSAPublicKey ::= SEQUENCE {
412	modulus INTEGER, -- n
413	publicExponent INTEGER -- e
414}
415
-- An RSA private key with its CRT components.
-- Every field other than version, modulus and publicExponent is secret key
-- material. A decoded value and the buffer it was decoded from hold the key
-- in the clear, so both need the handling given to any other secret.
416RSAPrivateKey ::= SEQUENCE {
417	version INTEGER (0..4294967295),
418	modulus INTEGER, -- n
419	publicExponent INTEGER, -- e
420	privateExponent INTEGER, -- d
421	prime1 INTEGER, -- p
422	prime2 INTEGER, -- q
423	exponent1 INTEGER, -- d mod (p-1)
424	exponent2 INTEGER, -- d mod (q-1)
425	coefficient INTEGER -- (inverse of q) mod p
426}
427
-- The digest algorithm and digest value that a PKCS #1 v1.5 signature wraps.
-- Lenient handling of this structure during signature verification is a
-- well known source of forgery bugs. A verifier should require that the
-- recovered block contains exactly one DigestInfo with no trailing bytes,
-- that digestAlgorithm is the expected one with the expected parameters, and
-- that digest has the length that algorithm produces.
428DigestInfo ::= SEQUENCE {
429	digestAlgorithm AlgorithmIdentifier,
430	digest OCTET STRING
431}
432
433-- some ms ext
434
435-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
436
437-- UNICODESTRING (0x1E tag)
438
439-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
440
441-- TemplateVersion ::= INTEGER (0..4294967295)
442
443-- CertificateTemplate ::= SEQUENCE {
444--	templateID OBJECT IDENTIFIER,
445--	templateMajorVersion TemplateVersion,
446--	templateMinorVersion TemplateVersion OPTIONAL
447-- }
448
449
450--
451-- CRL
452--
453
-- The signed portion of a CRL.
-- The rules written as comments, that version must be v2 when present and
-- that extensions require v2, are not enforced by the schema.
-- nextUpdate is OPTIONAL, so a CRL without it decodes; how long such a CRL
-- is considered fresh is a policy decision for the consumer.
-- revokedCertificates is OPTIONAL and is absent when nothing is revoked.
454TBSCRLCertList ::=  SEQUENCE  {
455	version			Version OPTIONAL, -- if present, MUST be v2
456	signature		AlgorithmIdentifier,
457	issuer			Name,
458	thisUpdate		Time,
459	nextUpdate		Time OPTIONAL,
460	revokedCertificates     SEQUENCE OF SEQUENCE  {
461		userCertificate         CertificateSerialNumber,
462		revocationDate          Time,
463		crlEntryExtensions      Extensions OPTIONAL
464						-- if present, MUST be v2
465	} OPTIONAL,
466	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
467						-- if present, MUST be v2
468}
469
470
-- A complete CRL: the signed content, the signature algorithm and the
-- signature bits.
-- As with Certificate, signatureAlgorithm is outside the signed content and
-- RFC 3280 requires it to equal tbsCertList.signature; that comparison and
-- the check that the signer is authorised to issue CRLs for the certificate
-- in question belong to validation code.
471CRLCertificateList ::=  SEQUENCE  {
472	tbsCertList          TBSCRLCertList,
473	signatureAlgorithm   AlgorithmIdentifier,
474	signatureValue       BIT STRING
475}
476
-- CRL extension identifiers under 2.5.29: CRL number, freshest CRL and the
-- per-entry reason code.
477id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
478id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
479id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
480
-- The reason a certificate was revoked. The value 7 is not defined.
-- removeFromCRL and certificateHold describe entries that may later stop
-- being revoked, so a consumer should not treat every entry as permanent
-- without looking at the reason.
481CRLReason ::= ENUMERATED {
482	unspecified             (0),
483	keyCompromise           (1),
484	cACompromise            (2),
485	affiliationChanged      (3),
486	superseded              (4),
487	cessationOfOperation    (5),
488	certificateHold         (6),
489	removeFromCRL           (8),
490	privilegeWithdrawn      (9),
491	aACompromise           (10)
492}
493
-- The value syntax of the XMPP address other-name form.
494PKIXXmppAddr ::= UTF8String
495
-- PKIX arc 1.3.6.1.5.5.7.
496id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
497            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
498
-- Other-name forms under id-pkix 8, used as the type-id of an OtherName.
499id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
500id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
501id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
502
-- Extended key usage purposes under id-pkix 3, the values that appear in
-- ExtKeyUsage. Code that accepts a certificate for one purpose should check
-- for that specific purpose OID.
503id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
504id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
505id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
506id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
507id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
508id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
509
-- PKIX private extension arc, id-pkix 1.
510id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
511
-- Authority information access extension, 1.3.6.1.5.5.7.1.1.
512id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
513
-- One access method and the location where it is offered.
-- accessLocation is taken from the certificate under validation, so it
-- should be treated as untrusted input before any request is made to it.
514AccessDescription  ::=  SEQUENCE {
515	accessMethod          OBJECT IDENTIFIER,
516	accessLocation        GeneralName
517}
518
-- The extension value: a non-empty list of access descriptions.
519AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
520
521-- RFC 3820 Proxy Certificate Profile
522
-- Proxy certificate information extension, 1.3.6.1.5.5.7.1.14.
523id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
524
-- Proxy policy language arc, id-pkix 21.
525id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }
526
-- The three policy languages defined in this module.
527id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
528id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
529id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
530
-- The delegation policy of a proxy certificate.
-- policy is an opaque OCTET STRING whose meaning depends on policyLanguage.
-- A relying party that does not understand the policy language cannot tell
-- what was delegated and should not accept the proxy certificate.
531ProxyPolicy ::= SEQUENCE {
532	policyLanguage		OBJECT IDENTIFIER,
533	policy			OCTET STRING OPTIONAL
534}
535
-- The value of the proxy certificate information extension.
-- pCPathLenConstraint limits how many further proxy certificates may be
-- issued below this one; it is bounded to 32 bits here, as the comment notes.
536ProxyCertInfo ::= SEQUENCE {
537	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
538	proxyPolicy		ProxyPolicy
539}
540
541--- U.S. Federal PKI Common Policy Framework
542-- Card Authentication key
-- Both values are written in numeric form only: 2.16.840.1.101.3.6.6 and
-- 2.16.840.1.101.3.6.9.1.
543id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
544id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
545
546--- Netscape extensions
547
-- Netscape arc 2.16.840.1.113730 and the certificate comment extension,
-- 2.16.840.1.113730.1.13. The comment is free text supplied by the issuer
-- and should be handled as untrusted data when displayed or logged.
548id-netscape OBJECT IDENTIFIER ::=
549    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
550id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
551
552--- MS extensions
553
-- 1.3.6.1.4.1.311.20.2, the OID that the comments earlier in this module
-- call szOID_ENROLL_CERTTYPE_EXTENSION. The extension value names a
-- certificate type; the DER sample below shows the value this constant is
-- named after.
554id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
555    { 1 3 6 1 4 1 311 20 2 }
556
-- 1.3.6.1.5.5.7.3.2, numerically the same OID as id-pkix-kp-clientAuth in
-- this module, so the two names are interchangeable in comparisons.
557id-ms-client-authentication OBJECT IDENTIFIER ::=
558 { 1 3 6 1 5 5 7 3 2 }
559
560-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
-- The bytes above are tag 0x1e (BMPString), length 0x20, followed by the
-- text DomainController as 16 bit big-endian characters.
561
562END
563