PKIX Working Group                         R. Housley (RSA Laboratories)
Internet Draft                                            W. Polk (NIST)
draft-ietf-pkix-new-part1-asn1-01.txt                         April 2002
Expires in six months


                        Update for Appendix A in
                    draft-ietf-pkix-new-part1-12.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

     The list of current Internet-Drafts can be accessed at
     http://www.ietf.org/1id-abstracts.html

     The list of Internet-Draft Shadow Directories can be accessed at
     http://www.ietf.org/shadow.html

   Copyright (C) The Internet Society (2002).  All Rights Reserved.


Abstract

   As all members of the PKIX Working Group know,
   draft-ietf-pkix-new-part1-12.txt is with the RFC Editor.  However, an
   error in the ASN.1 modules was discovered.  The authors are working
   with the RFC Editor to ensure that the corrected ASN.1 modules are
   included in the final text, and we are publishing this Internet-Draft
   to distribute the corrected ASN.1 modules as quickly as possible.

   This Internet-Draft contains only the updated Appendix.


Housley & Polk                                                  [Page 1]

INTERNET DRAFT                                                April 2002


Appendix A.  Pseudo-ASN.1 Structures and OIDs

   This section describes data objects used by conforming PKI components
   in an "ASN.1-like" syntax.  This syntax is a hybrid of the 1988 and
   1993 ASN.1 syntaxes.  The 1988 ASN.1 syntax is augmented with 1993
   UNIVERSAL Types UniversalString, BMPString and UTF8String.

   The ASN.1 syntax does not permit the inclusion of type statements in
   the ASN.1 module, and the 1993 ASN.1 standard does not permit use of
   the new UNIVERSAL types in modules using the 1988 syntax.  As a
   result, this module does not conform to either version of the ASN.1
   standard.

   This appendix may be converted into 1988 ASN.1 by replacing the
   definitions for the UNIVERSAL Types with the 1988 catch-all "ANY".

A.1 Explicitly Tagged Module, 1988 Syntax

PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }

DEFINITIONS EXPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL --

-- IMPORTS NONE --

-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
-- and required by this specification

UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
        -- UniversalString is defined in ASN.1:1993

BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
      -- BMPString is the subtype of UniversalString and models
      -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1

UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
      -- The content of this type conforms to RFC 2279.

-- PKIX specific OIDs

id-pkix  OBJECT IDENTIFIER  ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
                    security(5) mechanisms(5) pkix(7) }

-- PKIX arcs

id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
     -- arc for private certificate extensions
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
     -- arc for policy qualifier types
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
     -- arc for extended key purpose OIDS
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
     -- arc for access descriptors

-- policyQualifierIds for Internet policy qualifiers

id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
      -- OID for CPS qualifier
id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
      -- OID for user notice qualifier

-- access descriptor definitions

id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }

-- attribute data types

Attribute ::=  SEQUENCE {
      type          AttributeType,
      values   SET OF AttributeValue }
            -- at least one value is required

AttributeType       ::=  OBJECT IDENTIFIER

AttributeValue      ::=  ANY

AttributeTypeAndValue         ::=  SEQUENCE {
     type AttributeType,
     value     AttributeValue }

-- suggested naming attributes: Definition of the following
--   information object set may be augmented to meet local
--   requirements.  Note that deleting members of the set may
--   prevent interoperability with conforming implementations.
-- presented in pairs: the AttributeType followed by the
--   type definition for the corresponding AttributeValue

--Arc for standard naming attributes
id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

-- Naming attributes of type X520name

id-at-name              AttributeType ::= { id-at 41 }
id-at-surname           AttributeType ::= { id-at 4 }
id-at-givenName         AttributeType ::= { id-at 42 }
id-at-initials          AttributeType ::= { id-at 43 }
id-at-generationQualifier AttributeType ::= { id-at 44 }

X520name ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-name)),
      printableString   PrintableString (SIZE (1..ub-name)),
      universalString   UniversalString (SIZE (1..ub-name)),
      utf8String        UTF8String      (SIZE (1..ub-name)),
      bmpString         BMPString       (SIZE (1..ub-name)) }

-- Naming attributes of type X520CommonName

id-at-commonName        AttributeType ::= { id-at 3 }

X520CommonName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-common-name)),
      printableString   PrintableString (SIZE (1..ub-common-name)),
      universalString   UniversalString (SIZE (1..ub-common-name)),
      utf8String        UTF8String      (SIZE (1..ub-common-name)),
      bmpString         BMPString       (SIZE (1..ub-common-name)) }

-- Naming attributes of type X520LocalityName

id-at-localityName      AttributeType ::= { id-at 7 }

X520LocalityName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
      printableString   PrintableString (SIZE (1..ub-locality-name)),
      universalString   UniversalString (SIZE (1..ub-locality-name)),
      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
      bmpString         BMPString       (SIZE (1..ub-locality-name)) }

-- Naming attributes of type X520StateOrProvinceName

id-at-stateOrProvinceName AttributeType ::= { id-at 8 }

X520StateOrProvinceName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-state-name)),
      printableString   PrintableString (SIZE (1..ub-state-name)),
      universalString   UniversalString (SIZE (1..ub-state-name)),
      utf8String        UTF8String      (SIZE (1..ub-state-name)),
      bmpString         BMPString       (SIZE(1..ub-state-name)) }

-- Naming attributes of type X520OrganizationName

id-at-organizationName  AttributeType ::= { id-at 10 }

X520OrganizationName ::= CHOICE {
      teletexString     TeletexString
                          (SIZE (1..ub-organization-name)),
      printableString   PrintableString
                          (SIZE (1..ub-organization-name)),
      universalString   UniversalString
                          (SIZE (1..ub-organization-name)),
      utf8String        UTF8String
                          (SIZE (1..ub-organization-name)),
      bmpString         BMPString
                          (SIZE (1..ub-organization-name))  }

-- Naming attributes of type X520OrganizationalUnitName

id-at-organizationalUnitName AttributeType ::= { id-at 11 }

X520OrganizationalUnitName ::= CHOICE {
      teletexString     TeletexString
                          (SIZE (1..ub-organizational-unit-name)),
      printableString   PrintableString
                          (SIZE (1..ub-organizational-unit-name)),
      universalString   UniversalString
                          (SIZE (1..ub-organizational-unit-name)),
      utf8String        UTF8String
                          (SIZE (1..ub-organizational-unit-name)),
      bmpString         BMPString
                          (SIZE (1..ub-organizational-unit-name)) }

-- Naming attributes of type X520Title

id-at-title             AttributeType ::= { id-at 12 }

X520Title ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-title)),
      printableString   PrintableString (SIZE (1..ub-title)),
      universalString   UniversalString (SIZE (1..ub-title)),
      utf8String        UTF8String      (SIZE (1..ub-title)),
      bmpString         BMPString       (SIZE (1..ub-title)) }

-- Naming attributes of type X520dnQualifier

id-at-dnQualifier       AttributeType ::= { id-at 46 }

X520dnQualifier ::=     PrintableString

-- Naming attributes of type X520countryName (digraph from IS 3166)

id-at-countryName       AttributeType ::= { id-at 6 }

X520countryName ::=     PrintableString (SIZE (2))

-- Naming attributes of type X520SerialNumber

id-at-serialNumber      AttributeType ::= { id-at 5 }

X520SerialNumber ::=    PrintableString (SIZE (1..ub-serial-number))

-- Naming attributes of type X520Pseudonym

id-at-pseudonym         AttributeType ::= { id-at 65 }

X520Pseudonym ::= CHOICE {
   teletexString     TeletexString   (SIZE (1..ub-pseudonym)),
   printableString   PrintableString (SIZE (1..ub-pseudonym)),
   universalString   UniversalString (SIZE (1..ub-pseudonym)),
   utf8String        UTF8String      (SIZE (1..ub-pseudonym)),
   bmpString         BMPString       (SIZE (1..ub-pseudonym)) }

-- Naming attributes of type DomainComponent (from RFC 2247)

id-domainComponent      AttributeType ::=
                          { 0 9 2342 19200300 100 1 25 }

DomainComponent ::=     IA5String

-- Legacy attributes

pkcs-9 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }

id-emailAddress          AttributeType ::= { pkcs-9 1 }

EmailAddress ::=         IA5String (SIZE (1..ub-emailaddress-length))

-- naming data types --

Name ::= CHOICE { -- only one possibility for now --
      rdnSequence  RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

DistinguishedName ::=   RDNSequence

RelativeDistinguishedName  ::=
                    SET SIZE (1 .. MAX) OF AttributeTypeAndValue

-- Directory string type --

DirectoryString ::= CHOICE {
      teletexString      TeletexString   (SIZE (1..MAX)),
      printableString         PrintableString (SIZE (1..MAX)),
      universalString         UniversalString (SIZE (1..MAX)),
      utf8String              UTF8String      (SIZE (1..MAX)),
      bmpString               BMPString       (SIZE (1..MAX)) }

-- certificate and CRL specific structures begin here

Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }

TBSCertificate  ::=  SEQUENCE  {
     version         [0]  Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     extensions      [3]  Extensions OPTIONAL
                          -- If present, version MUST be v3 --  }

Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }

CertificateSerialNumber  ::=  INTEGER

Validity ::= SEQUENCE {
     notBefore      Time,
     notAfter       Time  }

Time ::= CHOICE {
     utcTime        UTCTime,
     generalTime    GeneralizedTime }

UniqueIdentifier  ::=  BIT STRING

SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }

Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING  }

-- CRL structures

CertificateList  ::=  SEQUENCE  {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }

TBSCertList  ::=  SEQUENCE  {
     version                 Version OPTIONAL,
                                  -- if present, MUST be v2
     signature               AlgorithmIdentifier,
     issuer                  Name,
     thisUpdate              Time,
     nextUpdate              Time OPTIONAL,
     revokedCertificates     SEQUENCE OF SEQUENCE  {
          userCertificate         CertificateSerialNumber,
          revocationDate          Time,
          crlEntryExtensions      Extensions OPTIONAL
                                         -- if present, MUST be v2
                               }  OPTIONAL,
     crlExtensions           [0] Extensions OPTIONAL }
                                         -- if present, MUST be v2

-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure
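
   The naming structures of A.1 (Name, RelativeDistinguishedName,
   AttributeTypeAndValue and the X520countryName size constraint) can
   be checked directly on DER bytes.  The Python below is an added
   example, not part of the draft: SAMPLE and the names read_tlv,
   children and parse_name are constructed for illustration, and the
   universal tags 19 (PrintableString) and 20 (TeletexString) come from
   the ASN.1 standard rather than from this appendix.

```python
# Added example (not from the draft): DER walk of a Name per module A.1.
# SAMPLE is constructed for this example: countryName=US, commonName=Example.
SAMPLE = bytes.fromhex("301f310b3009060355040613025553"
                       "3110300e06035504030c074578616d706c65")
STRING_TAGS = {0x14: "teletexString", 0x13: "printableString",
               0x1C: "universalString", 0x0C: "utf8String", 0x1E: "bmpString"}
# id-at arcs from the module; { joint-iso-ccitt(2) ds(5) 4 } encodes as 55 04.
ID_AT = {3: "commonName", 6: "countryName", 7: "localityName",
         8: "stateOrProvinceName", 10: "organizationName"}

def read_tlv(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low 7 bits count octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if not 1 <= n <= 4 or pos + n > len(buf) or buf[pos] == 0 or length < 0x80:
            raise ValueError("indefinite, truncated or non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        yield tag, val

def parse_name(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("Name must be a single RDNSequence")
    out = []
    for rtag, rdn in children(body):
        atvs = list(children(rdn))
        if rtag != 0x31 or not atvs:        # SET SIZE (1 .. MAX)
            raise ValueError("RDN must be a non-empty SET")
        for atag, atv in atvs:
            parts = list(children(atv))
            if atag != 0x30 or len(parts) != 2 or parts[0][0] != 0x06:
                raise ValueError("bad AttributeTypeAndValue")
            (_, oid), (vtag, val) = parts
            known = len(oid) == 3 and oid[:2] == b"\x55\x04"
            name = ID_AT.get(oid[2], oid.hex()) if known else oid.hex()
            if name == "countryName" and (vtag != 0x13 or len(val) != 2):
                raise ValueError("countryName must be PrintableString (SIZE (2))")
            out.append((name, STRING_TAGS.get(vtag, hex(vtag)), val))
    return out
```

   parse_name returns one (attribute, CHOICE arm, raw bytes) tuple per
   AttributeTypeAndValue and raises ValueError on any structural or
   size violation; string contents are left undecoded.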
