draft-ietf-pkix-new-part1-asn1-01.txt
INTERNET DRAFT                                                April 2002

KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnly            (8) }

-- private key usage period extension OID and syntax

id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }

PrivateKeyUsagePeriod ::= SEQUENCE {
     notBefore       [0]     GeneralizedTime OPTIONAL,
     notAfter        [1]     GeneralizedTime OPTIONAL }
     -- either notBefore or notAfter MUST be present

-- certificate policies extension OID and syntax

id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }

anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }

CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

PolicyInformation ::= SEQUENCE {
     policyIdentifier   CertPolicyId,
     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
             PolicyQualifierInfo OPTIONAL }

CertPolicyId ::= OBJECT IDENTIFIER

PolicyQualifierInfo ::= SEQUENCE {
     policyQualifierId  PolicyQualifierId,
     qualifier          ANY DEFINED BY policyQualifierId }

-- Implementations that recognize additional policy qualifiers MUST
-- augment the following definition for PolicyQualifierId

PolicyQualifierId ::=
     OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )

-- CPS pointer qualifier

CPSuri ::= IA5String

-- user notice qualifier

UserNotice ::= SEQUENCE {
     noticeRef        NoticeReference OPTIONAL,
     explicitText     DisplayText OPTIONAL}

NoticeReference ::= SEQUENCE {
     organization     DisplayText,
     noticeNumbers    SEQUENCE OF INTEGER }

DisplayText ::= CHOICE {
     ia5String        IA5String      (SIZE (1..200)),
     visibleString    VisibleString  (SIZE (1..200)),
     bmpString        BMPString      (SIZE (1..200)),
     utf8String       UTF8String     (SIZE (1..200)) }

-- policy mapping extension OID and syntax

id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }

PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
     issuerDomainPolicy      CertPolicyId,
     subjectDomainPolicy     CertPolicyId }

-- subject alternative name extension OID and syntax

id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }

SubjectAltName ::= GeneralNames

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

GeneralName ::= CHOICE {
     otherName                       [0]     AnotherName,
     rfc822Name                      [1]     IA5String,
     dNSName                         [2]     IA5String,
     x400Address                     [3]     ORAddress,
     directoryName                   [4]     Name,
     ediPartyName                    [5]     EDIPartyName,
     uniformResourceIdentifier       [6]     IA5String,
     iPAddress                       [7]     OCTET STRING,
     registeredID                    [8]     OBJECT IDENTIFIER }

-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax

AnotherName ::= SEQUENCE {
     type-id    OBJECT IDENTIFIER,
     value      [0] EXPLICIT ANY DEFINED BY type-id }

EDIPartyName ::= SEQUENCE {
     nameAssigner            [0]     DirectoryString OPTIONAL,
     partyName               [1]     DirectoryString }

-- issuer alternative name extension OID and syntax

id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }

IssuerAltName ::= GeneralNames

id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }

SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute

-- basic constraints extension OID and syntax

id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }

BasicConstraints ::= SEQUENCE {
     cA                      BOOLEAN DEFAULT FALSE,
     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }

-- name constraints extension OID and syntax

id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }

NameConstraints ::= SEQUENCE {
     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
     base                    GeneralName,
     minimum         [0]     BaseDistance DEFAULT 0,
     maximum         [1]     BaseDistance OPTIONAL }

BaseDistance ::= INTEGER (0..MAX)

-- policy constraints extension OID and syntax

id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }

PolicyConstraints ::= SEQUENCE {
     requireExplicitPolicy   [0]     SkipCerts OPTIONAL,
     inhibitPolicyMapping    [1]     SkipCerts OPTIONAL }

SkipCerts ::= INTEGER (0..MAX)

-- CRL distribution points extension OID and syntax

id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

DistributionPoint ::= SEQUENCE {
     distributionPoint       [0]     DistributionPointName OPTIONAL,
     reasons                 [1]     ReasonFlags OPTIONAL,
     cRLIssuer               [2]     GeneralNames OPTIONAL }

DistributionPointName ::= CHOICE {
     fullName                [0]     GeneralNames,
     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

ReasonFlags ::= BIT STRING {
     unused                  (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
     privilegeWithdrawn      (7),
     aACompromise            (8) }

-- extended key usage extension OID and syntax

id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}

ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId

KeyPurposeId ::= OBJECT IDENTIFIER

-- permit unspecified key uses

anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }

-- extended key purpose OIDs

id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning            OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }

-- inhibit any policy OID and syntax

id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }

InhibitAnyPolicy ::= SkipCerts

-- freshest (delta)CRL extension OID and syntax

id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }

FreshestCRL ::= CRLDistributionPoints

-- authority info access

id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }

AuthorityInfoAccessSyntax  ::=
        SEQUENCE SIZE (1..MAX) OF AccessDescription

AccessDescription  ::=  SEQUENCE {
        accessMethod          OBJECT IDENTIFIER,
        accessLocation        GeneralName  }

-- subject info access

id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }

SubjectInfoAccessSyntax  ::=
        SEQUENCE SIZE (1..MAX) OF AccessDescription

-- CRL number extension OID and syntax

id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }

CRLNumber ::= INTEGER (0..MAX)

-- issuing distribution point extension OID and syntax

id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }

IssuingDistributionPoint ::= SEQUENCE {
     distributionPoint          [0] DistributionPointName OPTIONAL,
     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
     onlySomeReasons            [3] ReasonFlags OPTIONAL,
     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }

id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }

BaseCRLNumber ::= CRLNumber

-- CRL reasons extension OID and syntax

id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }

CRLReason ::= ENUMERATED {
     unspecified             (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
     removeFromCRL           (8),
     privilegeWithdrawn      (9),
     aACompromise           (10) }

-- certificate issuer CRL entry extension OID and syntax

id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }

CertificateIssuer ::= GeneralNames

-- hold instruction extension OID and syntax

id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }

HoldInstructionCode ::= OBJECT IDENTIFIER

-- ANSI x9 holdinstructions

-- ANSI x9 arc holdinstruction arc

holdInstruction OBJECT IDENTIFIER ::=
     {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}

-- ANSI X9 holdinstructions referenced by this standard

id-holdinstruction-none OBJECT IDENTIFIER ::=
     {holdInstruction 1} -- deprecated

id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
     {holdInstruction 2}

id-holdinstruction-reject OBJECT IDENTIFIER ::=
     {holdInstruction 3}

-- invalidity date CRL entry extension OID and syntax

id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }

InvalidityDate ::= GeneralizedTime

END

Author Addresses:

   Russell Housley
   RSA Laboratories
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA
   rhousley@rsasecurity.com

   Tim Polk
   NIST
   Building 820, Room 426
   Gaithersburg, MD 20899
   USA
   wpolk@nist.gov

Full Copyright Statement

   Copyright (C) The Internet Society (2002). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. In addition, the
   ASN.1 modules presented in Appendix A may be used in whole or in part
   without inclusion of the copyright notice. However, this document
   itself may not be modified in any way, such as by removing the
   copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process shall be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
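
Added example (not part of the draft): a strict Python decoder for the two named-bit BIT STRING types in the module above, KeyUsage and ReasonFlags, showing that bit 0 is the most significant bit of the first content octet and that bit 8 spills into a second octet. The function name decode_named_bits, the sample encodings, and the choice to reject undefined bits are assumptions of this example.

```python
# Added example: strict DER decoding of BIT STRINGs with a named-bit list.
KEY_USAGE = ("digitalSignature", "nonRepudiation", "keyEncipherment",
             "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
             "encipherOnly", "decipherOnly")
REASON_FLAGS = ("unused", "keyCompromise", "cACompromise",
                "affiliationChanged", "superseded", "cessationOfOperation",
                "certificateHold", "privilegeWithdrawn", "aACompromise")


def decode_named_bits(der, names):
    """Return the set of named bits set in a DER-encoded BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a primitive BIT STRING (tag 0x03)")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("bad length octet for a short named-bit list")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("invalid unused-bits count")
    if body:
        if body[-1] & ((1 << unused) - 1):
            raise ValueError("unused bits are not zero")
        # DER (X.690 11.2.2) strips trailing zero bits from a named-bit
        # list, so the last encoded bit must be 1.
        if not (body[-1] >> unused) & 1:
            raise ValueError("trailing zero bits not stripped (not DER)")
    found = set()
    for i in range(len(body) * 8 - unused):
        # Bit 0 is the most significant bit of the first content octet.
        if body[i // 8] & (0x80 >> (i % 8)):
            if i >= len(names):
                # Policy choice of this example: refuse undefined bits.
                raise ValueError(f"bit {i} is set but not defined")
            found.add(names[i])
    return found


if __name__ == "__main__":
    # Constructed sample encodings (tag, length, unused-bit count, content).
    samples = [("030205a0", KEY_USAGE),      # bits 0 and 2
               ("0303070880", KEY_USAGE),    # bits 4 and 8 (second octet)
               ("03020640", REASON_FLAGS)]   # bit 1
    for hexval, names in samples:
        print(hexval, sorted(decode_named_bits(bytes.fromhex(hexval), names)))
```
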