4cea95a547
Submitted by: Reviewed by: PR:
764 lines
24 KiB
Text
764 lines
24 KiB
Text
0 : CCITT : ccitt
|
|
|
|
1 : ISO : iso
|
|
|
|
2 : JOINT-ISO-CCITT : joint-iso-ccitt
|
|
|
|
iso 2 : member-body : ISO Member Body
|
|
|
|
joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types
|
|
|
|
selected-attribute-types 55 : clearance
|
|
|
|
member-body 840 : ISO-US : ISO US Member Body
|
|
ISO-US 10040 : X9-57 : X9.57
|
|
X9-57 4 : X9cm : X9.57 CM ?
|
|
|
|
!Cname dsa
|
|
X9cm 1 : DSA : dsaEncryption
|
|
X9cm 3 : DSA-SHA1 : dsaWithSHA1
|
|
|
|
|
|
ISO-US 10045 : ansi-X9-62 : ANSI X9.62
|
|
!module X9-62
|
|
!Alias id-fieldType ansi-X9-62 1
|
|
X9-62_id-fieldType 1 : prime-field
|
|
X9-62_id-fieldType 2 : characteristic-two-field
|
|
# ... characteristic-two-field OID subtree
|
|
!Alias id-publicKeyType ansi-X9-62 2
|
|
X9-62_id-publicKeyType 1 : id-ecPublicKey
|
|
!Alias ellipticCurve ansi-X9-62 3
|
|
!Alias c-TwoCurve X9-62_ellipticCurve 0
|
|
# ... characteristic 2 curve OIDs
|
|
!Alias primeCurve X9-62_ellipticCurve 1
|
|
X9-62_primeCurve 1 : prime192v1
|
|
X9-62_primeCurve 2 : prime192v2
|
|
X9-62_primeCurve 3 : prime192v3
|
|
X9-62_primeCurve 4 : prime239v1
|
|
X9-62_primeCurve 5 : prime239v2
|
|
X9-62_primeCurve 6 : prime239v3
|
|
X9-62_primeCurve 7 : prime256v1
|
|
!Alias id-ecSigType ansi-X9-62 4
|
|
!global
|
|
X9-62_id-ecSigType 1 : ecdsa-with-SHA1
|
|
|
|
|
|
|
|
ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc
|
|
: CAST5-ECB : cast5-ecb
|
|
!Cname cast5-cfb64
|
|
: CAST5-CFB : cast5-cfb
|
|
!Cname cast5-ofb64
|
|
: CAST5-OFB : cast5-ofb
|
|
!Cname pbeWithMD5AndCast5-CBC
|
|
ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC
|
|
|
|
ISO-US 113549 : rsadsi : RSA Data Security, Inc.
|
|
|
|
rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS
|
|
|
|
pkcs 1 : pkcs1
|
|
pkcs1 1 : : rsaEncryption
|
|
pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
|
|
pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
|
|
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
|
|
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
|
|
|
|
pkcs 3 : pkcs3
|
|
pkcs3 1 : : dhKeyAgreement
|
|
|
|
pkcs 5 : pkcs5
|
|
pkcs5 1 : PBE-MD2-DES : pbeWithMD2AndDES-CBC
|
|
pkcs5 3 : PBE-MD5-DES : pbeWithMD5AndDES-CBC
|
|
pkcs5 4 : PBE-MD2-RC2-64 : pbeWithMD2AndRC2-CBC
|
|
pkcs5 6 : PBE-MD5-RC2-64 : pbeWithMD5AndRC2-CBC
|
|
pkcs5 10 : PBE-SHA1-DES : pbeWithSHA1AndDES-CBC
|
|
pkcs5 11 : PBE-SHA1-RC2-64 : pbeWithSHA1AndRC2-CBC
|
|
!Cname id_pbkdf2
|
|
pkcs5 12 : : PBKDF2
|
|
!Cname pbes2
|
|
pkcs5 13 : : PBES2
|
|
!Cname pbmac1
|
|
pkcs5 14 : : PBMAC1
|
|
|
|
pkcs 7 : pkcs7
|
|
pkcs7 1 : : pkcs7-data
|
|
!Cname pkcs7-signed
|
|
pkcs7 2 : : pkcs7-signedData
|
|
!Cname pkcs7-enveloped
|
|
pkcs7 3 : : pkcs7-envelopedData
|
|
!Cname pkcs7-signedAndEnveloped
|
|
pkcs7 4 : : pkcs7-signedAndEnvelopedData
|
|
!Cname pkcs7-digest
|
|
pkcs7 5 : : pkcs7-digestData
|
|
!Cname pkcs7-encrypted
|
|
pkcs7 6 : : pkcs7-encryptedData
|
|
|
|
pkcs 9 : pkcs9
|
|
!module pkcs9
|
|
pkcs9 1 : : emailAddress
|
|
pkcs9 2 : : unstructuredName
|
|
pkcs9 3 : : contentType
|
|
pkcs9 4 : : messageDigest
|
|
pkcs9 5 : : signingTime
|
|
pkcs9 6 : : countersignature
|
|
pkcs9 7 : : challengePassword
|
|
pkcs9 8 : : unstructuredAddress
|
|
!Cname extCertAttributes
|
|
pkcs9 9 : : extendedCertificateAttributes
|
|
!global
|
|
|
|
!Cname ext-req
|
|
pkcs9 14 : extReq : Extension Request
|
|
|
|
!Cname SMIMECapabilities
|
|
pkcs9 15 : SMIME-CAPS : S/MIME Capabilities
|
|
|
|
# S/MIME
|
|
!Cname SMIME
|
|
pkcs9 16 : SMIME : S/MIME
|
|
SMIME 0 : id-smime-mod
|
|
SMIME 1 : id-smime-ct
|
|
SMIME 2 : id-smime-aa
|
|
SMIME 3 : id-smime-alg
|
|
SMIME 4 : id-smime-cd
|
|
SMIME 5 : id-smime-spq
|
|
SMIME 6 : id-smime-cti
|
|
|
|
# S/MIME Modules
|
|
id-smime-mod 1 : id-smime-mod-cms
|
|
id-smime-mod 2 : id-smime-mod-ess
|
|
id-smime-mod 3 : id-smime-mod-oid
|
|
id-smime-mod 4 : id-smime-mod-msg-v3
|
|
id-smime-mod 5 : id-smime-mod-ets-eSignature-88
|
|
id-smime-mod 6 : id-smime-mod-ets-eSignature-97
|
|
id-smime-mod 7 : id-smime-mod-ets-eSigPolicy-88
|
|
id-smime-mod 8 : id-smime-mod-ets-eSigPolicy-97
|
|
|
|
# S/MIME Content Types
|
|
id-smime-ct 1 : id-smime-ct-receipt
|
|
id-smime-ct 2 : id-smime-ct-authData
|
|
id-smime-ct 3 : id-smime-ct-publishCert
|
|
id-smime-ct 4 : id-smime-ct-TSTInfo
|
|
id-smime-ct 5 : id-smime-ct-TDTInfo
|
|
id-smime-ct 6 : id-smime-ct-contentInfo
|
|
id-smime-ct 7 : id-smime-ct-DVCSRequestData
|
|
id-smime-ct 8 : id-smime-ct-DVCSResponseData
|
|
|
|
# S/MIME Attributes
|
|
id-smime-aa 1 : id-smime-aa-receiptRequest
|
|
id-smime-aa 2 : id-smime-aa-securityLabel
|
|
id-smime-aa 3 : id-smime-aa-mlExpandHistory
|
|
id-smime-aa 4 : id-smime-aa-contentHint
|
|
id-smime-aa 5 : id-smime-aa-msgSigDigest
|
|
# obsolete
|
|
id-smime-aa 6 : id-smime-aa-encapContentType
|
|
id-smime-aa 7 : id-smime-aa-contentIdentifier
|
|
# obsolete
|
|
id-smime-aa 8 : id-smime-aa-macValue
|
|
id-smime-aa 9 : id-smime-aa-equivalentLabels
|
|
id-smime-aa 10 : id-smime-aa-contentReference
|
|
id-smime-aa 11 : id-smime-aa-encrypKeyPref
|
|
id-smime-aa 12 : id-smime-aa-signingCertificate
|
|
id-smime-aa 13 : id-smime-aa-smimeEncryptCerts
|
|
id-smime-aa 14 : id-smime-aa-timeStampToken
|
|
id-smime-aa 15 : id-smime-aa-ets-sigPolicyId
|
|
id-smime-aa 16 : id-smime-aa-ets-commitmentType
|
|
id-smime-aa 17 : id-smime-aa-ets-signerLocation
|
|
id-smime-aa 18 : id-smime-aa-ets-signerAttr
|
|
id-smime-aa 19 : id-smime-aa-ets-otherSigCert
|
|
id-smime-aa 20 : id-smime-aa-ets-contentTimestamp
|
|
id-smime-aa 21 : id-smime-aa-ets-CertificateRefs
|
|
id-smime-aa 22 : id-smime-aa-ets-RevocationRefs
|
|
id-smime-aa 23 : id-smime-aa-ets-certValues
|
|
id-smime-aa 24 : id-smime-aa-ets-revocationValues
|
|
id-smime-aa 25 : id-smime-aa-ets-escTimeStamp
|
|
id-smime-aa 26 : id-smime-aa-ets-certCRLTimestamp
|
|
id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp
|
|
id-smime-aa 28 : id-smime-aa-signatureType
|
|
id-smime-aa 29 : id-smime-aa-dvcs-dvc
|
|
|
|
# S/MIME Algorithm Identifiers
|
|
# obsolete
|
|
id-smime-alg 1 : id-smime-alg-ESDHwith3DES
|
|
# obsolete
|
|
id-smime-alg 2 : id-smime-alg-ESDHwithRC2
|
|
# obsolete
|
|
id-smime-alg 3 : id-smime-alg-3DESwrap
|
|
# obsolete
|
|
id-smime-alg 4 : id-smime-alg-RC2wrap
|
|
id-smime-alg 5 : id-smime-alg-ESDH
|
|
id-smime-alg 6 : id-smime-alg-CMS3DESwrap
|
|
id-smime-alg 7 : id-smime-alg-CMSRC2wrap
|
|
|
|
# S/MIME Certificate Distribution
|
|
id-smime-cd 1 : id-smime-cd-ldap
|
|
|
|
# S/MIME Signature Policy Qualifier
|
|
id-smime-spq 1 : id-smime-spq-ets-sqt-uri
|
|
id-smime-spq 2 : id-smime-spq-ets-sqt-unotice
|
|
|
|
# S/MIME Commitment Type Identifier
|
|
id-smime-cti 1 : id-smime-cti-ets-proofOfOrigin
|
|
id-smime-cti 2 : id-smime-cti-ets-proofOfReceipt
|
|
id-smime-cti 3 : id-smime-cti-ets-proofOfDelivery
|
|
id-smime-cti 4 : id-smime-cti-ets-proofOfSender
|
|
id-smime-cti 5 : id-smime-cti-ets-proofOfApproval
|
|
id-smime-cti 6 : id-smime-cti-ets-proofOfCreation
|
|
|
|
pkcs9 20 : : friendlyName
|
|
pkcs9 21 : : localKeyID
|
|
!Cname ms-csp-name
|
|
1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
|
|
!Alias certTypes pkcs9 22
|
|
certTypes 1 : : x509Certificate
|
|
certTypes 2 : : sdsiCertificate
|
|
!Alias crlTypes pkcs9 23
|
|
crlTypes 1 : : x509Crl
|
|
|
|
!Alias pkcs12 pkcs 12
|
|
!Alias pkcs12-pbeids pkcs12 1
|
|
|
|
!Cname pbe-WithSHA1And128BitRC4
|
|
pkcs12-pbeids 1 : PBE-SHA1-RC4-128 : pbeWithSHA1And128BitRC4
|
|
!Cname pbe-WithSHA1And40BitRC4
|
|
pkcs12-pbeids 2 : PBE-SHA1-RC4-40 : pbeWithSHA1And40BitRC4
|
|
!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
|
|
pkcs12-pbeids 3 : PBE-SHA1-3DES : pbeWithSHA1And3-KeyTripleDES-CBC
|
|
!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
|
|
pkcs12-pbeids 4 : PBE-SHA1-2DES : pbeWithSHA1And2-KeyTripleDES-CBC
|
|
!Cname pbe-WithSHA1And128BitRC2-CBC
|
|
pkcs12-pbeids 5 : PBE-SHA1-RC2-128 : pbeWithSHA1And128BitRC2-CBC
|
|
!Cname pbe-WithSHA1And40BitRC2-CBC
|
|
pkcs12-pbeids 6 : PBE-SHA1-RC2-40 : pbeWithSHA1And40BitRC2-CBC
|
|
|
|
!Alias pkcs12-Version1 pkcs12 10
|
|
!Alias pkcs12-BagIds pkcs12-Version1 1
|
|
pkcs12-BagIds 1 : : keyBag
|
|
pkcs12-BagIds 2 : : pkcs8ShroudedKeyBag
|
|
pkcs12-BagIds 3 : : certBag
|
|
pkcs12-BagIds 4 : : crlBag
|
|
pkcs12-BagIds 5 : : secretBag
|
|
pkcs12-BagIds 6 : : safeContentsBag
|
|
|
|
rsadsi 2 2 : MD2 : md2
|
|
rsadsi 2 4 : MD4 : md4
|
|
rsadsi 2 5 : MD5 : md5
|
|
: MD5-SHA1 : md5-sha1
|
|
rsadsi 2 7 : : hmacWithSHA1
|
|
rsadsi 3 2 : RC2-CBC : rc2-cbc
|
|
: RC2-ECB : rc2-ecb
|
|
!Cname rc2-cfb64
|
|
: RC2-CFB : rc2-cfb
|
|
!Cname rc2-ofb64
|
|
: RC2-OFB : rc2-ofb
|
|
: RC2-40-CBC : rc2-40-cbc
|
|
: RC2-64-CBC : rc2-64-cbc
|
|
rsadsi 3 4 : RC4 : rc4
|
|
: RC4-40 : rc4-40
|
|
rsadsi 3 7 : DES-EDE3-CBC : des-ede3-cbc
|
|
rsadsi 3 8 : RC5-CBC : rc5-cbc
|
|
: RC5-ECB : rc5-ecb
|
|
!Cname rc5-cfb64
|
|
: RC5-CFB : rc5-cfb
|
|
!Cname rc5-ofb64
|
|
: RC5-OFB : rc5-ofb
|
|
|
|
!Cname ms-ext-req
|
|
1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request
|
|
!Cname ms-code-ind
|
|
1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing
|
|
!Cname ms-code-com
|
|
1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing
|
|
!Cname ms-ctl-sign
|
|
1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing
|
|
!Cname ms-sgc
|
|
1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto
|
|
!Cname ms-efs
|
|
1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System
|
|
|
|
1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
|
|
: IDEA-ECB : idea-ecb
|
|
!Cname idea-cfb64
|
|
: IDEA-CFB : idea-cfb
|
|
!Cname idea-ofb64
|
|
: IDEA-OFB : idea-ofb
|
|
|
|
1 3 6 1 4 1 3029 1 2 : BF-CBC : bf-cbc
|
|
: BF-ECB : bf-ecb
|
|
!Cname bf-cfb64
|
|
: BF-CFB : bf-cfb
|
|
!Cname bf-ofb64
|
|
: BF-OFB : bf-ofb
|
|
|
|
!Cname id-pkix
|
|
1 3 6 1 5 5 7 : PKIX
|
|
|
|
# PKIX Arcs
|
|
id-pkix 0 : id-pkix-mod
|
|
id-pkix 1 : id-pe
|
|
id-pkix 2 : id-qt
|
|
id-pkix 3 : id-kp
|
|
id-pkix 4 : id-it
|
|
id-pkix 5 : id-pkip
|
|
id-pkix 6 : id-alg
|
|
id-pkix 7 : id-cmc
|
|
id-pkix 8 : id-on
|
|
id-pkix 9 : id-pda
|
|
id-pkix 10 : id-aca
|
|
id-pkix 11 : id-qcs
|
|
id-pkix 12 : id-cct
|
|
id-pkix 48 : id-ad
|
|
|
|
# PKIX Modules
|
|
id-pkix-mod 1 : id-pkix1-explicit-88
|
|
id-pkix-mod 2 : id-pkix1-implicit-88
|
|
id-pkix-mod 3 : id-pkix1-explicit-93
|
|
id-pkix-mod 4 : id-pkix1-implicit-93
|
|
id-pkix-mod 5 : id-mod-crmf
|
|
id-pkix-mod 6 : id-mod-cmc
|
|
id-pkix-mod 7 : id-mod-kea-profile-88
|
|
id-pkix-mod 8 : id-mod-kea-profile-93
|
|
id-pkix-mod 9 : id-mod-cmp
|
|
id-pkix-mod 10 : id-mod-qualified-cert-88
|
|
id-pkix-mod 11 : id-mod-qualified-cert-93
|
|
id-pkix-mod 12 : id-mod-attribute-cert
|
|
id-pkix-mod 13 : id-mod-timestamp-protocol
|
|
id-pkix-mod 14 : id-mod-ocsp
|
|
id-pkix-mod 15 : id-mod-dvcs
|
|
id-pkix-mod 16 : id-mod-cmp2000
|
|
|
|
# PKIX Private Extensions
|
|
!Cname info-access
|
|
id-pe 1 : authorityInfoAccess : Authority Information Access
|
|
id-pe 2 : biometricInfo : Biometric Info
|
|
id-pe 3 : qcStatements
|
|
id-pe 4 : ac-auditEntity
|
|
id-pe 5 : ac-targeting
|
|
id-pe 6 : aaControls
|
|
id-pe 7 : sbqp-ipAddrBlock
|
|
id-pe 8 : sbqp-autonomousSysNum
|
|
id-pe 9 : sbqp-routerIdentifier
|
|
id-pe 10 : ac-proxying
|
|
!Cname sinfo-access
|
|
id-pe 11 : subjectInfoAccess : Subject Information Access
|
|
|
|
# PKIX policyQualifiers for Internet policy qualifiers
|
|
id-qt 1 : id-qt-cps : Policy Qualifier CPS
|
|
id-qt 2 : id-qt-unotice : Policy Qualifier User Notice
|
|
id-qt 3 : textNotice
|
|
|
|
# PKIX key purpose identifiers
|
|
!Cname server-auth
|
|
id-kp 1 : serverAuth : TLS Web Server Authentication
|
|
!Cname client-auth
|
|
id-kp 2 : clientAuth : TLS Web Client Authentication
|
|
!Cname code-sign
|
|
id-kp 3 : codeSigning : Code Signing
|
|
!Cname email-protect
|
|
id-kp 4 : emailProtection : E-mail Protection
|
|
id-kp 5 : ipsecEndSystem : IPSec End System
|
|
id-kp 6 : ipsecTunnel : IPSec Tunnel
|
|
id-kp 7 : ipsecUser : IPSec User
|
|
!Cname time-stamp
|
|
id-kp 8 : timeStamping : Time Stamping
|
|
# From OCSP spec RFC2560
|
|
!Cname OCSP-sign
|
|
id-kp 9 : OCSPSigning : OCSP Signing
|
|
id-kp 10 : DVCS : dvcs
|
|
|
|
# CMP information types
|
|
id-it 1 : id-it-caProtEncCert
|
|
id-it 2 : id-it-signKeyPairTypes
|
|
id-it 3 : id-it-encKeyPairTypes
|
|
id-it 4 : id-it-preferredSymmAlg
|
|
id-it 5 : id-it-caKeyUpdateInfo
|
|
id-it 6 : id-it-currentCRL
|
|
id-it 7 : id-it-unsupportedOIDs
|
|
# obsolete
|
|
id-it 8 : id-it-subscriptionRequest
|
|
# obsolete
|
|
id-it 9 : id-it-subscriptionResponse
|
|
id-it 10 : id-it-keyPairParamReq
|
|
id-it 11 : id-it-keyPairParamRep
|
|
id-it 12 : id-it-revPassphrase
|
|
id-it 13 : id-it-implicitConfirm
|
|
id-it 14 : id-it-confirmWaitTime
|
|
id-it 15 : id-it-origPKIMessage
|
|
|
|
# CRMF registration
|
|
id-pkip 1 : id-regCtrl
|
|
id-pkip 2 : id-regInfo
|
|
|
|
# CRMF registration controls
|
|
id-regCtrl 1 : id-regCtrl-regToken
|
|
id-regCtrl 2 : id-regCtrl-authenticator
|
|
id-regCtrl 3 : id-regCtrl-pkiPublicationInfo
|
|
id-regCtrl 4 : id-regCtrl-pkiArchiveOptions
|
|
id-regCtrl 5 : id-regCtrl-oldCertID
|
|
id-regCtrl 6 : id-regCtrl-protocolEncrKey
|
|
|
|
# CRMF registration information
|
|
id-regInfo 1 : id-regInfo-utf8Pairs
|
|
id-regInfo 2 : id-regInfo-certReq
|
|
|
|
# algorithms
|
|
id-alg 1 : id-alg-des40
|
|
id-alg 2 : id-alg-noSignature
|
|
id-alg 3 : id-alg-dh-sig-hmac-sha1
|
|
id-alg 4 : id-alg-dh-pop
|
|
|
|
# CMC controls
|
|
id-cmc 1 : id-cmc-statusInfo
|
|
id-cmc 2 : id-cmc-identification
|
|
id-cmc 3 : id-cmc-identityProof
|
|
id-cmc 4 : id-cmc-dataReturn
|
|
id-cmc 5 : id-cmc-transactionId
|
|
id-cmc 6 : id-cmc-senderNonce
|
|
id-cmc 7 : id-cmc-recipientNonce
|
|
id-cmc 8 : id-cmc-addExtensions
|
|
id-cmc 9 : id-cmc-encryptedPOP
|
|
id-cmc 10 : id-cmc-decryptedPOP
|
|
id-cmc 11 : id-cmc-lraPOPWitness
|
|
id-cmc 15 : id-cmc-getCert
|
|
id-cmc 16 : id-cmc-getCRL
|
|
id-cmc 17 : id-cmc-revokeRequest
|
|
id-cmc 18 : id-cmc-regInfo
|
|
id-cmc 19 : id-cmc-responseInfo
|
|
id-cmc 21 : id-cmc-queryPending
|
|
id-cmc 22 : id-cmc-popLinkRandom
|
|
id-cmc 23 : id-cmc-popLinkWitness
|
|
id-cmc 24 : id-cmc-confirmCertAcceptance
|
|
|
|
# other names
|
|
id-on 1 : id-on-personalData
|
|
|
|
# personal data attributes
|
|
id-pda 1 : id-pda-dateOfBirth
|
|
id-pda 2 : id-pda-placeOfBirth
|
|
id-pda 3 : id-pda-gender
|
|
id-pda 4 : id-pda-countryOfCitizenship
|
|
id-pda 5 : id-pda-countryOfResidence
|
|
|
|
# attribute certificate attributes
|
|
id-aca 1 : id-aca-authenticationInfo
|
|
id-aca 2 : id-aca-accessIdentity
|
|
id-aca 3 : id-aca-chargingIdentity
|
|
id-aca 4 : id-aca-group
|
|
# attention : the following seems to be obsolete, replace by 'role'
|
|
id-aca 5 : id-aca-role
|
|
id-aca 6 : id-aca-encAttrs
|
|
|
|
# qualified certificate statements
|
|
id-qcs 1 : id-qcs-pkixQCSyntax-v1
|
|
|
|
# CMC content types
|
|
id-cct 1 : id-cct-crs
|
|
id-cct 2 : id-cct-PKIData
|
|
id-cct 3 : id-cct-PKIResponse
|
|
|
|
# access descriptors for authority info access extension
|
|
!Cname ad-OCSP
|
|
id-ad 1 : OCSP : OCSP
|
|
!Cname ad-ca-issuers
|
|
id-ad 2 : caIssuers : CA Issuers
|
|
!Cname ad-timeStamping
|
|
id-ad 3 : ad_timestamping : AD Time Stamping
|
|
!Cname ad-dvcs
|
|
id-ad 4 : AD_DVCS : ad dvcs
|
|
|
|
|
|
!Alias id-pkix-OCSP ad-OCSP
|
|
!module id-pkix-OCSP
|
|
!Cname basic
|
|
id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response
|
|
id-pkix-OCSP 2 : Nonce : OCSP Nonce
|
|
id-pkix-OCSP 3 : CrlID : OCSP CRL ID
|
|
id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses
|
|
id-pkix-OCSP 5 : noCheck : OCSP No Check
|
|
id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff
|
|
id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator
|
|
id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status
|
|
id-pkix-OCSP 9 : valid
|
|
id-pkix-OCSP 10 : path
|
|
id-pkix-OCSP 11 : trustRoot : Trust Root
|
|
!global
|
|
|
|
1 3 14 3 2 : algorithm : algorithm
|
|
algorithm 3 : RSA-NP-MD5 : md5WithRSA
|
|
algorithm 6 : DES-ECB : des-ecb
|
|
algorithm 7 : DES-CBC : des-cbc
|
|
!Cname des-ofb64
|
|
algorithm 8 : DES-OFB : des-ofb
|
|
!Cname des-cfb64
|
|
algorithm 9 : DES-CFB : des-cfb
|
|
algorithm 11 : rsaSignature
|
|
!Cname dsa-2
|
|
algorithm 12 : DSA-old : dsaEncryption-old
|
|
algorithm 13 : DSA-SHA : dsaWithSHA
|
|
algorithm 15 : RSA-SHA : shaWithRSAEncryption
|
|
!Cname des-ede-ecb
|
|
algorithm 17 : DES-EDE : des-ede
|
|
!Cname des-ede3-ecb
|
|
: DES-EDE3 : des-ede3
|
|
: DES-EDE-CBC : des-ede-cbc
|
|
!Cname des-ede-cfb64
|
|
: DES-EDE-CFB : des-ede-cfb
|
|
!Cname des-ede3-cfb64
|
|
: DES-EDE3-CFB : des-ede3-cfb
|
|
!Cname des-ede-ofb64
|
|
: DES-EDE-OFB : des-ede-ofb
|
|
!Cname des-ede3-ofb64
|
|
: DES-EDE3-OFB : des-ede3-ofb
|
|
: DESX-CBC : desx-cbc
|
|
algorithm 18 : SHA : sha
|
|
algorithm 26 : SHA1 : sha1
|
|
!Cname dsaWithSHA1-2
|
|
algorithm 27 : DSA-SHA1-old : dsaWithSHA1-old
|
|
algorithm 29 : RSA-SHA1-2 : sha1WithRSA
|
|
|
|
1 3 36 3 2 1 : RIPEMD160 : ripemd160
|
|
1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA
|
|
|
|
!Cname sxnet
|
|
1 3 101 1 4 1 : SXNetID : Strong Extranet ID
|
|
|
|
2 5 : X500 : directory services (X.500)
|
|
|
|
X500 4 : X509
|
|
X509 3 : CN : commonName
|
|
X509 4 : SN : surname
|
|
X509 5 : : serialNumber
|
|
X509 6 : C : countryName
|
|
X509 7 : L : localityName
|
|
X509 8 : ST : stateOrProvinceName
|
|
X509 10 : O : organizationName
|
|
X509 11 : OU : organizationalUnitName
|
|
X509 12 : : title
|
|
X509 13 : : description
|
|
X509 41 : name : name
|
|
X509 42 : gn : givenName
|
|
X509 43 : : initials
|
|
X509 44 : : generationQualifier
|
|
X509 45 : : x500UniqueIdentifier
|
|
X509 46 : dnQualifier : dnQualifier
|
|
X509 72 : role : role
|
|
|
|
X500 8 : X500algorithms : directory services - algorithms
|
|
X500algorithms 1 1 : RSA : rsa
|
|
X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA
|
|
X500algorithms 3 101 : MDC2 : mdc2
|
|
|
|
X500 29 : id-ce
|
|
!Cname subject-key-identifier
|
|
id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier
|
|
!Cname key-usage
|
|
id-ce 15 : keyUsage : X509v3 Key Usage
|
|
!Cname private-key-usage-period
|
|
id-ce 16 : privateKeyUsagePeriod : X509v3 Private Key Usage Period
|
|
!Cname subject-alt-name
|
|
id-ce 17 : subjectAltName : X509v3 Subject Alternative Name
|
|
!Cname issuer-alt-name
|
|
id-ce 18 : issuerAltName : X509v3 Issuer Alternative Name
|
|
!Cname basic-constraints
|
|
id-ce 19 : basicConstraints : X509v3 Basic Constraints
|
|
!Cname crl-number
|
|
id-ce 20 : crlNumber : X509v3 CRL Number
|
|
!Cname crl-reason
|
|
id-ce 21 : CRLReason : X509v3 CRL Reason Code
|
|
!Cname invalidity-date
|
|
id-ce 24 : invalidityDate : Invalidity Date
|
|
!Cname delta-crl
|
|
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
|
|
!Cname crl-distribution-points
|
|
id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
|
|
!Cname certificate-policies
|
|
id-ce 32 : certificatePolicies : X509v3 Certificate Policies
|
|
!Cname authority-key-identifier
|
|
id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
|
|
!Cname policy-constraints
|
|
id-ce 36 : policyConstraints : X509v3 Policy Constraints
|
|
!Cname ext-key-usage
|
|
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
|
|
!Cname target-information
|
|
id-ce 55 : targetInformation : X509v3 AC Targeting
|
|
!Cname no-rev-avail
|
|
id-ce 56 : noRevAvail : X509v3 No Revocation Available
|
|
|
|
!Cname netscape
|
|
2 16 840 1 113730 : Netscape : Netscape Communications Corp.
|
|
!Cname netscape-cert-extension
|
|
netscape 1 : nsCertExt : Netscape Certificate Extension
|
|
!Cname netscape-data-type
|
|
netscape 2 : nsDataType : Netscape Data Type
|
|
!Cname netscape-cert-type
|
|
netscape-cert-extension 1 : nsCertType : Netscape Cert Type
|
|
!Cname netscape-base-url
|
|
netscape-cert-extension 2 : nsBaseUrl : Netscape Base Url
|
|
!Cname netscape-revocation-url
|
|
netscape-cert-extension 3 : nsRevocationUrl : Netscape Revocation Url
|
|
!Cname netscape-ca-revocation-url
|
|
netscape-cert-extension 4 : nsCaRevocationUrl : Netscape CA Revocation Url
|
|
!Cname netscape-renewal-url
|
|
netscape-cert-extension 7 : nsRenewalUrl : Netscape Renewal Url
|
|
!Cname netscape-ca-policy-url
|
|
netscape-cert-extension 8 : nsCaPolicyUrl : Netscape CA Policy Url
|
|
!Cname netscape-ssl-server-name
|
|
netscape-cert-extension 12 : nsSslServerName : Netscape SSL Server Name
|
|
!Cname netscape-comment
|
|
netscape-cert-extension 13 : nsComment : Netscape Comment
|
|
!Cname netscape-cert-sequence
|
|
netscape-data-type 5 : nsCertSequence : Netscape Certificate Sequence
|
|
!Cname ns-sgc
|
|
netscape 4 1 : nsSGC : Netscape Server Gated Crypto
|
|
|
|
# iso(1)
|
|
iso 3 : ORG : org
|
|
org 6 : DOD : dod
|
|
dod 1 : IANA : iana
|
|
!Alias internet iana
|
|
|
|
internet 1 : directory : Directory
|
|
internet 2 : mgmt : Management
|
|
internet 3 : experimental : Experimental
|
|
internet 4 : private : Private
|
|
internet 5 : security : Security
|
|
internet 6 : snmpv2 : SNMPv2
|
|
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
|
|
# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
|
|
# rfc822Mailbox. The short name is therefore here left out for a reason.
|
|
# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
|
|
# references are realized via long name "Mail" (with capital M).
|
|
internet 7 : : Mail
|
|
|
|
Private 1 : enterprises : Enterprises
|
|
|
|
# RFC 2247
|
|
Enterprises 1466 344 : dcobject : dcObject
|
|
|
|
# RFC 1495
|
|
Mail 1 : mime-mhs : MIME MHS
|
|
mime-mhs 1 : mime-mhs-headings : mime-mhs-headings
|
|
mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies
|
|
mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message
|
|
mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message
|
|
|
|
# What the hell are these OIDs, really?
|
|
!Cname rle-compression
|
|
1 1 1 1 666 1 : RLE : run length compression
|
|
!Cname zlib-compression
|
|
1 1 1 1 666 2 : ZLIB : zlib compression
|
|
|
|
# AES aka Rijndael
|
|
|
|
!Alias csor 2 16 840 1 101 3
|
|
!Alias nistAlgorithms csor 4
|
|
!Alias aes nistAlgorithms 1
|
|
|
|
aes 1 : AES-128-ECB : aes-128-ecb
|
|
aes 2 : AES-128-CBC : aes-128-cbc
|
|
!Cname aes-128-ofb128
|
|
aes 3 : AES-128-OFB : aes-128-ofb
|
|
!Cname aes-128-cfb128
|
|
aes 4 : AES-128-CFB : aes-128-cfb
|
|
|
|
aes 21 : AES-192-ECB : aes-192-ecb
|
|
aes 22 : AES-192-CBC : aes-192-cbc
|
|
!Cname aes-192-ofb128
|
|
aes 23 : AES-192-OFB : aes-192-ofb
|
|
!Cname aes-192-cfb128
|
|
aes 24 : AES-192-CFB : aes-192-cfb
|
|
|
|
aes 41 : AES-256-ECB : aes-256-ecb
|
|
aes 42 : AES-256-CBC : aes-256-cbc
|
|
!Cname aes-256-ofb128
|
|
aes 43 : AES-256-OFB : aes-256-ofb
|
|
!Cname aes-256-cfb128
|
|
aes 44 : AES-256-CFB : aes-256-cfb
|
|
|
|
# Hold instruction CRL entry extension
|
|
!Cname hold-instruction-code
|
|
id-ce 23 : holdInstructionCode : Hold Instruction Code
|
|
!Alias holdInstruction X9-57 2
|
|
!Cname hold-instruction-none
|
|
holdInstruction 1 : holdInstructionNone : Hold Instruction None
|
|
!Cname hold-instruction-call-issuer
|
|
holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer
|
|
!Cname hold-instruction-reject
|
|
holdInstruction 3 : holdInstructionReject : Hold Instruction Reject
|
|
|
|
# OID's from CCITT. Most of this is defined in RFC 1274. A couple of
|
|
# them are also mentioned in RFC 2247
|
|
ccitt 9 : data
|
|
data 2342 : pss
|
|
pss 19200300 : ucl
|
|
ucl 100 : pilot
|
|
pilot 1 : : pilotAttributeType
|
|
pilot 3 : : pilotAttributeSyntax
|
|
pilot 4 : : pilotObjectClass
|
|
pilot 10 : : pilotGroups
|
|
pilotAttributeSyntax 4 : : iA5StringSyntax
|
|
pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax
|
|
pilotObjectClass 3 : : pilotObject
|
|
pilotObjectClass 4 : : pilotPerson
|
|
pilotObjectClass 5 : account
|
|
pilotObjectClass 6 : document
|
|
pilotObjectClass 7 : room
|
|
pilotObjectClass 9 : : documentSeries
|
|
pilotObjectClass 13 : domain : Domain
|
|
pilotObjectClass 14 : : rFC822localPart
|
|
pilotObjectClass 15 : : dNSDomain
|
|
pilotObjectClass 17 : : domainRelatedObject
|
|
pilotObjectClass 18 : : friendlyCountry
|
|
pilotObjectClass 19 : : simpleSecurityObject
|
|
pilotObjectClass 20 : : pilotOrganization
|
|
pilotObjectClass 21 : : pilotDSA
|
|
pilotObjectClass 22 : : qualityLabelledData
|
|
pilotAttributeType 1 : UID : userId
|
|
pilotAttributeType 2 : : textEncodedORAddress
|
|
pilotAttributeType 3 : mail : rfc822Mailbox
|
|
pilotAttributeType 4 : info
|
|
pilotAttributeType 5 : : favouriteDrink
|
|
pilotAttributeType 6 : : roomNumber
|
|
pilotAttributeType 7 : photo
|
|
pilotAttributeType 8 : : userClass
|
|
pilotAttributeType 9 : host
|
|
pilotAttributeType 10 : manager
|
|
pilotAttributeType 11 : : documentIdentifier
|
|
pilotAttributeType 12 : : documentTitle
|
|
pilotAttributeType 13 : : documentVersion
|
|
pilotAttributeType 14 : : documentAuthor
|
|
pilotAttributeType 15 : : documentLocation
|
|
pilotAttributeType 20 : : homeTelephoneNumber
|
|
pilotAttributeType 21 : secretary
|
|
pilotAttributeType 22 : : otherMailbox
|
|
pilotAttributeType 23 : : lastModifiedTime
|
|
pilotAttributeType 24 : : lastModifiedBy
|
|
pilotAttributeType 25 : DC : domainComponent
|
|
pilotAttributeType 26 : : aRecord
|
|
pilotAttributeType 27 : : pilotAttributeType27
|
|
pilotAttributeType 28 : : mXRecord
|
|
pilotAttributeType 29 : : nSRecord
|
|
pilotAttributeType 30 : : sOARecord
|
|
pilotAttributeType 31 : : cNAMERecord
|
|
pilotAttributeType 37 : : associatedDomain
|
|
pilotAttributeType 38 : : associatedName
|
|
pilotAttributeType 39 : : homePostalAddress
|
|
pilotAttributeType 40 : : personalTitle
|
|
pilotAttributeType 41 : : mobileTelephoneNumber
|
|
pilotAttributeType 42 : : pagerTelephoneNumber
|
|
pilotAttributeType 43 : : friendlyCountryName
|
|
# The following clashes with 2.5.4.45, so commented away
|
|
#pilotAttributeType 44 : uid : uniqueIdentifier
|
|
pilotAttributeType 45 : : organizationalStatus
|
|
pilotAttributeType 46 : : janetMailbox
|
|
pilotAttributeType 47 : : mailPreferenceOption
|
|
pilotAttributeType 48 : : buildingName
|
|
pilotAttributeType 49 : : dSAQuality
|
|
pilotAttributeType 50 : : singleLevelQuality
|
|
pilotAttributeType 51 : : subtreeMinimumQuality
|
|
pilotAttributeType 52 : : subtreeMaximumQuality
|
|
pilotAttributeType 53 : : personalSignature
|
|
pilotAttributeType 54 : : dITRedirect
|
|
pilotAttributeType 55 : audio
|
|
pilotAttributeType 56 : : documentPublisher
|