1
PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
2
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
4
DEFINITIONS IMPLICIT TAGS ::=
10
id-pe, id-kp, id-qt-unotice, id-qt-cps,
11
-- delete following line if "new" types are supported --
13
-- UTF8String, end "new" types --
14
ORAddress, Name, RelativeDistinguishedName,
15
CertificateSerialNumber, Attribute, DirectoryString
16
FROM PKIX1Explicit88 { iso(1) identified-organization(3)
17
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
18
id-mod(0) id-pkix1-explicit(18) };
22
id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
25
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
27
AuthorityKeyIdentifier ::= SEQUENCE {
28
keyIdentifier [0] KeyIdentifier OPTIONAL,
29
authorityCertIssuer [1] GeneralNames OPTIONAL,
30
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
31
-- authorityCertIssuer and authorityCertSerialNumber MUST both
32
-- be present or both be absent
34
KeyIdentifier ::= OCTET STRING
37
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
39
SubjectKeyIdentifier ::= KeyIdentifier
42
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
44
KeyUsage ::= BIT STRING {
56
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
58
PrivateKeyUsagePeriod ::= SEQUENCE {
59
notBefore [0] GeneralizedTime OPTIONAL,
60
notAfter [1] GeneralizedTime OPTIONAL }
61
-- either notBefore or notAfter MUST be present
64
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
66
anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
68
CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
70
PolicyInformation ::= SEQUENCE {
71
policyIdentifier CertPolicyId,
72
policyQualifiers SEQUENCE SIZE (1..MAX) OF
73
PolicyQualifierInfo OPTIONAL }
75
CertPolicyId ::= OBJECT IDENTIFIER
77
PolicyQualifierInfo ::= SEQUENCE {
78
policyQualifierId PolicyQualifierId,
79
qualifier ANY DEFINED BY policyQualifierId }
83
OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
89
UserNotice ::= SEQUENCE {
90
noticeRef NoticeReference OPTIONAL,
91
explicitText DisplayText OPTIONAL}
93
NoticeReference ::= SEQUENCE {
94
organization DisplayText,
95
noticeNumbers SEQUENCE OF INTEGER }
97
DisplayText ::= CHOICE {
98
ia5String IA5String (SIZE (1..200)),
99
visibleString VisibleString (SIZE (1..200)),
100
bmpString BMPString (SIZE (1..200)),
101
utf8String UTF8String (SIZE (1..200)) }
104
id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
106
PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
107
issuerDomainPolicy CertPolicyId,
108
subjectDomainPolicy CertPolicyId }
111
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
113
SubjectAltName ::= GeneralNames
115
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
117
GeneralName ::= CHOICE {
118
otherName [0] AnotherName,
119
rfc822Name [1] IA5String,
120
dNSName [2] IA5String,
121
x400Address [3] ORAddress,
122
directoryName [4] Name,
123
ediPartyName [5] EDIPartyName,
124
uniformResourceIdentifier [6] IA5String,
125
iPAddress [7] OCTET STRING,
126
registeredID [8] OBJECT IDENTIFIER }
129
AnotherName ::= SEQUENCE {
130
type-id OBJECT IDENTIFIER,
131
value [0] EXPLICIT ANY DEFINED BY type-id }
133
EDIPartyName ::= SEQUENCE {
134
nameAssigner [0] DirectoryString OPTIONAL,
135
partyName [1] DirectoryString }
138
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
140
IssuerAltName ::= GeneralNames
142
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
144
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
147
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
149
BasicConstraints ::= SEQUENCE {
150
cA BOOLEAN DEFAULT FALSE,
151
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
154
id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
156
NameConstraints ::= SEQUENCE {
157
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
158
excludedSubtrees [1] GeneralSubtrees OPTIONAL }
160
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
162
GeneralSubtree ::= SEQUENCE {
164
minimum [0] BaseDistance DEFAULT 0,
165
maximum [1] BaseDistance OPTIONAL }
167
BaseDistance ::= INTEGER (0..MAX)
170
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
172
PolicyConstraints ::= SEQUENCE {
173
requireExplicitPolicy [0] SkipCerts OPTIONAL,
174
inhibitPolicyMapping [1] SkipCerts OPTIONAL }
176
SkipCerts ::= INTEGER (0..MAX)
179
id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
181
CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
183
DistributionPoint ::= SEQUENCE {
184
distributionPoint [0] DistributionPointName OPTIONAL,
185
reasons [1] ReasonFlags OPTIONAL,
186
cRLIssuer [2] GeneralNames OPTIONAL }
188
DistributionPointName ::= CHOICE {
189
fullName [0] GeneralNames,
190
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
192
ReasonFlags ::= BIT STRING {
196
affiliationChanged (3),
198
cessationOfOperation (5),
200
privilegeWithdrawn (7),
204
id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
206
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
209
KeyPurposeId ::= OBJECT IDENTIFIER
212
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
215
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
216
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
217
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
218
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
219
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
220
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
223
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
225
InhibitAnyPolicy ::= SkipCerts
228
id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }
230
FreshestCRL ::= CRLDistributionPoints
233
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
235
AuthorityInfoAccessSyntax ::=
236
SEQUENCE SIZE (1..MAX) OF AccessDescription
238
AccessDescription ::= SEQUENCE {
239
accessMethod OBJECT IDENTIFIER,
240
accessLocation GeneralName }
243
id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
245
SubjectInfoAccessSyntax ::=
246
SEQUENCE SIZE (1..MAX) OF AccessDescription
249
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
251
CRLNumber ::= INTEGER (0..MAX)
254
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
256
IssuingDistributionPoint ::= SEQUENCE {
257
distributionPoint [0] DistributionPointName OPTIONAL,
258
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
259
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
260
onlySomeReasons [3] ReasonFlags OPTIONAL,
261
indirectCRL [4] BOOLEAN DEFAULT FALSE,
262
onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
264
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
266
BaseCRLNumber ::= CRLNumber
269
id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
271
CRLReason ::= ENUMERATED {
275
affiliationChanged (3),
277
cessationOfOperation (5),
280
privilegeWithdrawn (9),
284
id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
286
CertificateIssuer ::= GeneralNames
289
id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
291
HoldInstructionCode ::= OBJECT IDENTIFIER
295
holdInstruction OBJECT IDENTIFIER ::=
296
{joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
299
id-holdinstruction-none OBJECT IDENTIFIER ::=
300
{holdInstruction 1} -- deprecated
302
id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
305
id-holdinstruction-reject OBJECT IDENTIFIER ::=
309
id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
311
InvalidityDate ::= GeneralizedTime