draft-ietf-pkix-pi-06.txt

PKIX的RFC英文文档

   [X.509]  ITU-T Recommendation X.509 (1997 E): Information Technology
   - Open Systems Interconnection - The Directory: Authentication
   Framework, June 1997.

   [X.520]  ITU-T Recommendation X.520: Information Technology - Open
   Systems Interconnection - The Directory: Selected Attribute Types,
   June 1997.

   [X.660]  ITU-T Recommendation X.660: Information Technology -
   Open Systems Interconnection - Procedures for the Operation of 
   OSI Registration Authorities: General Procedures, 1992.

   [X.680]  ITU-T Recommendation X.680: Information Technology -
   Abstract Syntax Notation One, 1997.

5. Author's Addresses

   Denis Pinkas
   Bull
   68, Route de Versailles
   78434 Louveciennes Cedex
   FRANCE
   Email: Denis.Pinkas@bull.net

   Thomas Gindin
   IBM Corporation
   6710 Rockledge Drive
   Bethesda, MD 20817
   USA
   Email: tgindin@us.ibm.com

6. Intellectual Property Rights

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to

Pinkas, Gindin                                                 [ Page 6]


Permanent Identifier                Document Expiration:       June 2003


   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such 
   proprietary rights by implementors or users of this specification 
   can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.





































Pinkas, Gindin                                                 [ Page 7]


Permanent Identifier                Document Expiration:       June 2003


APPENDIX

ASN.1 definitions

A.1. 1988 ASN.1  Module

PKIXpermanentidentifier88 {iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-permanent-identifier-88(14) }

DEFINITIONS EXPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL --

   IMPORTS

        id-pkix, AttributeType,
                FROM PKIX1Explicit88 {iso(1) identified-organization(3)
                dod(6) internet(1) security(5) mechanisms(5) pkix(7)
                id-mod(0) id-pkix1-explicit-88(1)}

   -- Object Identifiers

-- Externally defined OIDs

   -- Arc for other name forms
   id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }

   -- permanent identifier

   id-on-permanentIdentifier   OBJECT IDENTIFIER ::= { id-on 3 }

     PermanentIdentifier ::=     SEQUENCE {
        identifierValue             IdentifierValue,
        identifierType              IdentifierType             OPTIONAL,
        matchingRule        [0]     IMPLICIT OBJECT IDENTIFIER OPTIONAL
     }

     IdentifierValue ::= CHOICE {
            iA5String            IA5String,
            uTF8String           UTF8String
     }

     IdentifierType ::= CHOICE {
            registeredOID                   OBJECT IDENTIFIER,
            uri                             IA5String
     }

END



Pinkas, Gindin                                                 [ Page 8]


Permanent Identifier                Document Expiration:       June 2003

A.2. 1993 ASN.1  Module

PKIXpermanentidentifier93 {iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-permanent-identifier-93(15) }

   DEFINITIONS EXPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL --

   IMPORTS

id-pkix, ATTRIBUTE
       FROM PKIX1Explicit93 {iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-pkix1-explicit-93(3)};

   -- Object Identifiers

-- Externally defined OIDs

   -- Arc for other name forms
   id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }

-- Locally defined OIDs

id-on-permanentIdentifier     OBJECT IDENTIFIER ::= { id-on 3 }

   -- permanent identifier

   permanentIdentifier ATTRIBUTE ::= {
          WITH SYNTAX     PermanentIdentifier
          ID              id-on-permanentIdentifier }

     PermanentIdentifier ::=     SEQUENCE {
        identifierValue             IdentifierValue,
        identifierType              IdentifierType             OPTIONAL,
        matchingRule        [0]     IMPLICIT OBJECT IDENTIFIER OPTIONAL
     }

     IdentifierValue ::= CHOICE {
            iA5String            IA5String,
            uTF8String           UTF8String
     }

     IdentifierType ::= CHOICE {
            registeredOID                   OBJECT IDENTIFIER,
            uri                             IA5String,
     }

END


Pinkas, Gindin                                                 [ Page 9]


Permanent Identifier                Document Expiration:       June 2003


B. OID's for organizations

In order to obtain an OID for an identifier type, organizations need 
first to have a registered OID for themselves (or must use a permanent 
URI). In some cases, OID's are provided for free. In other cases a 
one-time fee is required. The main difference lies in the nature of 
the information that is collected at the time of registration and how 
this information is verified for its accuracy.

B.1. Using IANA (Internet Assigned Numbers Authority)

The application form for a Private Enterprise Number in the IANA's 
OID list is: http://www.iana.org/cgi-bin/enterprise.pl. 

Currently IANA assigns numbers for free. The IANA-registered Private 
Enterprises prefix is: iso.org.dod.internet.private.enterprise 
(1.3.6.1.4.1)

These numbers are used, among other things, for defining private 
SNMP MIBs.

The official assignments under this OID are stored in the IANA file 
"enterprise-numbers" available at: 
ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

B.2. Using an ISO member body

ISO has defined the OID structure in a such a way so that every ISO 
member-body has its own unique OID. Then every ISO member-body is free 
to allocate its own arc space below. 

Organizations and enterprises may contact the ISO member-body where 
their organization or enterprise is established to obtain an 
organization/enterprise OID.

Currently, ISO members do not assign organization/enterprise OID's for 
free. 

Most of them do not publish registries of such OID's which they have 
assigned, sometimes restricting the access to registered organizations 
or preferring to charge inquirers for the assignee of an OID on a 
per-inquiry basis. The use of OID's from an ISO member organization 
which does not publish such a registry may impose extra costs on the 
CA that needs to make sure that the OID corresponds to the registered 
organization.

As an example, AFNOR (Association Francaise de Normalisation - the 
French organization that is a member of ISO) has defined an arc to 
allocate OID's for companies: 

{iso (1) member-body (2) fr (250) type-org (1) organisation (n)}



Pinkas, Gindin                                                [ Page 10]


Permanent Identifier                Document Expiration:       June 2003

B.3. Using an ICD (International Code Designator) from British Standards
Institution to specify a new or an existing identification scheme

The International Code Designator (ICD) is used to uniquely identify an 
ISO 6523 compliant organization identification scheme. ISO 6523 is a 
standard that defines the proper structure of an identifier and the 
registration procedure for an ICD.

The conjunction of the ICD with an identifier issued by the registration 
authority is worldwide unique.

The basic structure of the code is contains the following components:

   - the ICD value: The International Code Designator issued to the
     identification scheme makes the identifier worldwide unique 
     (up to 4 digits),

   - the Organization, usually a company or governmental body 
     (up to 35 characters),

   - an Organization Part (OPI - Organization Part Identifier). 
     An identifier allocated to a particular Organization Part
     (optional, up to 35 characters)

The ICD is also equivalent to an object identifier (OID) under the arc 
{1(iso). 3(identified organization)}. 

On behalf of ISO, British Standards Institution (BSI) is the 
Registration Authority for organizations under the arc {iso (1) org(3)}. 
This means BSI registers code issuing authorities (=organizations) by 
ICD values which are equivalent to OIDs of the form {iso (1) org(3) 
icd(xxxx)}. The corresponding IdentifierValue is the code value of the 
scheme identified by icd(xxxx).

Example: 

The ICD 0012 was allocated to 鬍uropean Computer Manufacturers 
Association : ECMA