+0 : CCITT : ccitt
+
1 : ISO : iso
+2 : JOINT-ISO-CCITT : joint-iso-ccitt
+
iso 2 : member-body : ISO Member Body
+joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types
+
+selected-attribute-types 55 : clearance
+
member-body 840 : ISO-US : ISO US Member Body
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
X9cm 1 : DSA : dsaEncryption
X9cm 3 : DSA-SHA1 : dsaWithSHA1
+
+ISO-US 10045 : ansi-X9-62 : ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1 : prime-field
+X9-62_id-fieldType 2 : characteristic-two-field
+# ... characteristic-two-field OID subtree
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1 : id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+# ... characteristic 2 curve OIDs
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1 : prime192v1
+X9-62_primeCurve 2 : prime192v2
+X9-62_primeCurve 3 : prime192v3
+X9-62_primeCurve 4 : prime239v1
+X9-62_primeCurve 5 : prime239v2
+X9-62_primeCurve 6 : prime239v3
+X9-62_primeCurve 7 : prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1 : ecdsa-with-SHA1
+
+
+
ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc
: CAST5-ECB : cast5-ecb
!Cname cast5-cfb64
pkcs 1 : pkcs1
pkcs1 1 : : rsaEncryption
pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
+pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
pkcs9 20 : : friendlyName
pkcs9 21 : : localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
!Alias certTypes pkcs9 22
certTypes 1 : : x509Certificate
certTypes 2 : : sdsiCertificate
id-pe 7 : sbqp-ipAddrBlock
id-pe 8 : sbqp-autonomousSysNum
id-pe 9 : sbqp-routerIdentifier
+id-pe 10 : ac-proxying
+!Cname sinfo-access
+id-pe 11 : subjectInfoAccess : Subject Information Access
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
# personal data attributes
id-pda 1 : id-pda-dateOfBirth
id-pda 2 : id-pda-placeOfBirth
-id-pda 3 : id-pda-pseudonym
-id-pda 4 : id-pda-gender
-id-pda 5 : id-pda-countryOfCitizenship
-id-pda 6 : id-pda-countryOfResidence
+id-pda 3 : id-pda-gender
+id-pda 4 : id-pda-countryOfCitizenship
+id-pda 5 : id-pda-countryOfResidence
+id-pda 6 : id-pda-pseudonym
# attribute certificate attributes
id-aca 1 : id-aca-authenticationInfo
id-aca 2 : id-aca-accessIdentity
id-aca 3 : id-aca-chargingIdentity
id-aca 4 : id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
id-aca 5 : id-aca-role
+id-aca 6 : id-aca-encAttrs
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
algorithm 12 : DSA-old : dsaEncryption-old
algorithm 13 : DSA-SHA : dsaWithSHA
algorithm 15 : RSA-SHA : shaWithRSAEncryption
+!Cname des-ede-ecb
algorithm 17 : DES-EDE : des-ede
+!Cname des-ede3-ecb
: DES-EDE3 : des-ede3
: DES-EDE-CBC : des-ede-cbc
!Cname des-ede-cfb64
X509 43 : I : initials
X509 45 : UID : uniqueIdentifier
X509 46 : dnQualifier : dnQualifier
+X509 72 : role : role
X500 8 : X500algorithms : directory services - algorithms
X500algorithms 1 1 : RSA : rsa
id-ce 32 : certificatePolicies : X509v3 Certificate Policies
!Cname authority-key-identifier
id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+!Cname target-information
+id-ce 55 : targetInformation : X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56 : noRevAvail : X509v3 No Revocation Available
!Cname netscape
2 16 840 1 113730 : Netscape : Netscape Communications Corp.
# RFC 2247
enterprises 1466 344 : dcobject : dcObject
-# Stray OIDs we don't know the full name of each step for
-# RFC 2247
-0 9 2342 19200300 100 1 25 : DC : domainComponent
-0 9 2342 19200300 100 4 13 : domain : Domain
-
# What the hell are these OIDs, really?
!Cname rle-compression
1 1 1 1 666 1 : RLE : run length compression
!Cname zlib-compression
1 1 1 1 666 2 : ZLIB : zlib compression
-# Rijndael
- : RIJNDAEL-ECB-K128-B128: rijndael-ecb-k128-b128
- : RIJNDAEL-ECB-K192-B128: rijndael-ecb-k192-b128
- : RIJNDAEL-ECB-K256-B128: rijndael-ecb-k256-b128
- : RIJNDAEL-ECB-K128-B192: rijndael-ecb-k128-b192
- : RIJNDAEL-ECB-K192-B192: rijndael-ecb-k192-b192
- : RIJNDAEL-ECB-K256-B192: rijndael-ecb-k256-b192
- : RIJNDAEL-ECB-K128-B256: rijndael-ecb-k128-b256
- : RIJNDAEL-ECB-K192-B256: rijndael-ecb-k192-b256
- : RIJNDAEL-ECB-K256-B256: rijndael-ecb-k256-b256
- : RD128-CBC-B128 : rd128-cbc-b128
- : RD192-CBC-B128 : rd192-cbc-b128
- : RD256-CBC-B128 : rd256-cbc-b128
- : RD128-CBC-B192 : rd128-cbc-b192
- : RD192-CBC-B192 : rd192-cbc-b192
- : RD256-CBC-B192 : rd256-cbc-b192
- : RD128-CBC-B256 : rd128-cbc-b256
- : RD192-CBC-B256 : rd192-cbc-b256
- : RD256-CBC-B256 : rd256-cbc-b256
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1 : AES-128-ECB : aes-128-ecb
+aes 2 : AES-128-CBC : aes-128-cbc
+aes 3 : AES-128-OFB : aes-128-ofb
+aes 4 : AES-128-CFB : aes-128-cfb
+
+aes 21 : AES-192-ECB : aes-192-ecb
+aes 22 : AES-192-CBC : aes-192-cbc
+aes 23 : AES-192-OFB : aes-192-ofb
+aes 24 : AES-192-CFB : aes-192-cfb
+
+aes 41 : AES-256-ECB : aes-256-ecb
+aes 42 : AES-256-CBC : aes-256-cbc
+aes 43 : AES-256-OFB : aes-256-ofb
+aes 44 : AES-256-CFB : aes-256-cfb
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23 : holdInstructionCode : Hold Instruction Code
+!Alias holdInstruction X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1 : holdInstructionNone : Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3 : holdInstructionReject : Hold Instruction Reject
+
+# OID's from CCITT. Most of this is defined in RFC 1274. A couple of
+# them are also mentioned in RFC 2247
+ccitt 9 : data
+data 2342 : pss
+pss 19200300 : ucl
+ucl 100 : pilot
+pilot 1 : : pilotAttributeType
+pilot 3 : : pilotAttributeSyntax
+pilot 4 : : pilotObjectClass
+pilot 10 : : pilotGroups
+pilotAttributeSyntax 4 : : iA5StringSyntax
+pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax
+pilotObjectClass 3 : : pilotObject
+pilotObjectClass 4 : : pilotPerson
+pilotObjectClass 5 : account
+pilotObjectClass 6 : document
+pilotObjectClass 7 : room
+pilotObjectClass 9 : : documentSeries
+pilotObjectClass 13 : domain : Domain
+pilotObjectClass 14 : : rFC822localPart
+pilotObjectClass 15 : : dNSDomain
+pilotObjectClass 17 : : domainRelatedObject
+pilotObjectClass 18 : : friendlyCountry
+pilotObjectClass 19 : : simpleSecurityObject
+pilotObjectClass 20 : : pilotOrganization
+pilotObjectClass 21 : : pilotDSA
+pilotObjectClass 22 : : qualityLabelledData
+pilotAttributeType 1 : userid
+pilotAttributeType 2 : : textEncodedORAddress
+pilotAttributeType 3 : : rfc822Mailbox
+pilotAttributeType 4 : info
+pilotAttributeType 5 : : favouriteDrink
+pilotAttributeType 6 : : roomNumber
+pilotAttributeType 7 : photo
+pilotAttributeType 8 : : userClass
+pilotAttributeType 9 : host
+pilotAttributeType 10 : manager
+pilotAttributeType 11 : : documentIdentifier
+pilotAttributeType 12 : : documentTitle
+pilotAttributeType 13 : : documentVersion
+pilotAttributeType 14 : : documentAuthor
+pilotAttributeType 15 : : documentLocation
+pilotAttributeType 20 : : homeTelephoneNumber
+pilotAttributeType 21 : secretary
+pilotAttributeType 22 : : otherMailbox
+pilotAttributeType 23 : : lastModifiedTime
+pilotAttributeType 24 : : lastModifiedBy
+pilotAttributeType 25 : DC : domainComponent
+pilotAttributeType 26 : : aRecord
+pilotAttributeType 27 : : pilotAttributeType27
+pilotAttributeType 28 : : mXRecord
+pilotAttributeType 29 : : nSRecord
+pilotAttributeType 30 : : sOARecord
+pilotAttributeType 31 : : cNAMERecord
+pilotAttributeType 37 : : associatedDomain
+pilotAttributeType 38 : : associatedName
+pilotAttributeType 39 : : homePostalAddress
+pilotAttributeType 40 : : personalTitle
+pilotAttributeType 41 : : mobileTelephoneNumber
+pilotAttributeType 42 : : pagerTelephoneNumber
+pilotAttributeType 43 : : friendlyCountryName
+# The following clashes with 2.5.4.45, so commented away
+#pilotAttributeType 44 : uid : uniqueIdentifier
+pilotAttributeType 45 : : organizationalStatus
+pilotAttributeType 46 : : janetMailbox
+pilotAttributeType 47 : : mailPreferenceOption
+pilotAttributeType 48 : : buildingName
+pilotAttributeType 49 : : dSAQuality
+pilotAttributeType 50 : : singleLevelQuality
+pilotAttributeType 51 : : subtreeMinimumQuality
+pilotAttributeType 52 : : subtreeMaximumQuality
+pilotAttributeType 53 : : personalSignature
+pilotAttributeType 54 : : dITRedirect
+pilotAttributeType 55 : audio
+pilotAttributeType 56 : : documentPublisher