# CCITT was renamed to ITU-T quite some time ago 0 : ITU-T : itu-t !Alias ccitt itu-t 1 : ISO : iso 2 : JOINT-ISO-ITU-T : joint-iso-itu-t !Alias joint-iso-ccitt joint-iso-itu-t iso 2 : member-body : ISO Member Body iso 3 : identified-organization identified-organization 132 : certicom-arc joint-iso-itu-t 23 : international-organizations : International Organizations international-organizations 43 : wap wap 13 : wap-wsg joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance member-body 840 : ISO-US : ISO US Member Body ISO-US 10040 : X9-57 : X9.57 X9-57 4 : X9cm : X9.57 CM ? !Cname dsa X9cm 1 : DSA : dsaEncryption X9cm 3 : DSA-SHA1 : dsaWithSHA1 ISO-US 10045 : ansi-X9-62 : ANSI X9.62 !module X9-62 !Alias id-fieldType ansi-X9-62 1 X9-62_id-fieldType 1 : prime-field X9-62_id-fieldType 2 : characteristic-two-field X9-62_characteristic-two-field 3 : id-characteristic-two-basis X9-62_id-characteristic-two-basis 1 : onBasis X9-62_id-characteristic-two-basis 2 : tpBasis X9-62_id-characteristic-two-basis 3 : ppBasis !Alias id-publicKeyType ansi-X9-62 2 X9-62_id-publicKeyType 1 : id-ecPublicKey !Alias ellipticCurve ansi-X9-62 3 !Alias c-TwoCurve X9-62_ellipticCurve 0 X9-62_c-TwoCurve 1 : c2pnb163v1 X9-62_c-TwoCurve 2 : c2pnb163v2 X9-62_c-TwoCurve 3 : c2pnb163v3 X9-62_c-TwoCurve 4 : c2pnb176v1 X9-62_c-TwoCurve 5 : c2tnb191v1 X9-62_c-TwoCurve 6 : c2tnb191v2 X9-62_c-TwoCurve 7 : c2tnb191v3 X9-62_c-TwoCurve 8 : c2onb191v4 X9-62_c-TwoCurve 9 : c2onb191v5 X9-62_c-TwoCurve 10 : c2pnb208w1 X9-62_c-TwoCurve 11 : c2tnb239v1 X9-62_c-TwoCurve 12 : c2tnb239v2 X9-62_c-TwoCurve 13 : c2tnb239v3 X9-62_c-TwoCurve 14 : c2onb239v4 X9-62_c-TwoCurve 15 : c2onb239v5 X9-62_c-TwoCurve 16 : c2pnb272w1 X9-62_c-TwoCurve 17 : c2pnb304w1 X9-62_c-TwoCurve 18 : c2tnb359v1 X9-62_c-TwoCurve 19 : c2pnb368w1 X9-62_c-TwoCurve 20 : c2tnb431r1 !Alias primeCurve X9-62_ellipticCurve 1 X9-62_primeCurve 1 : prime192v1 X9-62_primeCurve 2 : prime192v2 X9-62_primeCurve 3 : prime192v3 X9-62_primeCurve 4 : prime239v1 X9-62_primeCurve 5 : prime239v2 X9-62_primeCurve 6 : prime239v3 X9-62_primeCurve 7 : prime256v1 !Alias id-ecSigType ansi-X9-62 4 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" # (http://www.secg.org/) !Alias secg_ellipticCurve certicom-arc 0 # SECG prime curves OIDs secg-ellipticCurve 6 : secp112r1 secg-ellipticCurve 7 : secp112r2 secg-ellipticCurve 28 : secp128r1 secg-ellipticCurve 29 : secp128r2 secg-ellipticCurve 9 : secp160k1 secg-ellipticCurve 8 : secp160r1 secg-ellipticCurve 30 : secp160r2 secg-ellipticCurve 31 : secp192k1 # NOTE: the curve secp192r1 is the same as prime192v1 defined above # and is therefore omitted secg-ellipticCurve 32 : secp224k1 secg-ellipticCurve 33 : secp224r1 secg-ellipticCurve 10 : secp256k1 # NOTE: the curve secp256r1 is the same as prime256v1 defined above # and is therefore omitted secg-ellipticCurve 34 : secp384r1 secg-ellipticCurve 35 : secp521r1 # SECG characteristic two curves OIDs secg-ellipticCurve 4 : sect113r1 secg-ellipticCurve 5 : sect113r2 secg-ellipticCurve 22 : sect131r1 secg-ellipticCurve 23 : sect131r2 secg-ellipticCurve 1 : sect163k1 secg-ellipticCurve 2 : sect163r1 secg-ellipticCurve 15 : sect163r2 secg-ellipticCurve 24 : sect193r1 secg-ellipticCurve 25 : sect193r2 secg-ellipticCurve 26 : sect233k1 secg-ellipticCurve 27 : sect233r1 secg-ellipticCurve 3 : sect239k1 secg-ellipticCurve 16 : sect283k1 secg-ellipticCurve 17 : sect283r1 secg-ellipticCurve 36 : sect409k1 secg-ellipticCurve 37 : sect409r1 secg-ellipticCurve 38 : sect571k1 secg-ellipticCurve 39 : sect571r1 # WAP/TLS curve OIDs (http://www.wapforum.org/) !Alias wap-wsg-idm-ecid wap-wsg 4 wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1 wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3 wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4 wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6 wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7 wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8 wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9 wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11 wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12 ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc : CAST5-ECB : cast5-ecb !Cname cast5-cfb64 : CAST5-CFB : cast5-cfb !Cname cast5-ofb64 : CAST5-OFB : cast5-ofb !Cname pbeWithMD5AndCast5-CBC ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC ISO-US 113549 : rsadsi : RSA Data Security, Inc. rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS pkcs 1 : pkcs1 pkcs1 1 : : rsaEncryption pkcs1 2 : RSA-MD2 : md2WithRSAEncryption pkcs1 3 : RSA-MD4 : md4WithRSAEncryption pkcs1 4 : RSA-MD5 : md5WithRSAEncryption pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption # According to PKCS #1 version 2.1 pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption pkcs 3 : pkcs3 pkcs3 1 : : dhKeyAgreement pkcs 5 : pkcs5 pkcs5 1 : PBE-MD2-DES : pbeWithMD2AndDES-CBC pkcs5 3 : PBE-MD5-DES : pbeWithMD5AndDES-CBC pkcs5 4 : PBE-MD2-RC2-64 : pbeWithMD2AndRC2-CBC pkcs5 6 : PBE-MD5-RC2-64 : pbeWithMD5AndRC2-CBC pkcs5 10 : PBE-SHA1-DES : pbeWithSHA1AndDES-CBC pkcs5 11 : PBE-SHA1-RC2-64 : pbeWithSHA1AndRC2-CBC !Cname id_pbkdf2 pkcs5 12 : : PBKDF2 !Cname pbes2 pkcs5 13 : : PBES2 !Cname pbmac1 pkcs5 14 : : PBMAC1 pkcs 7 : pkcs7 pkcs7 1 : : pkcs7-data !Cname pkcs7-signed pkcs7 2 : : pkcs7-signedData !Cname pkcs7-enveloped pkcs7 3 : : pkcs7-envelopedData !Cname pkcs7-signedAndEnveloped pkcs7 4 : : pkcs7-signedAndEnvelopedData !Cname pkcs7-digest pkcs7 5 : : pkcs7-digestData !Cname pkcs7-encrypted pkcs7 6 : : pkcs7-encryptedData pkcs 9 : pkcs9 !module pkcs9 pkcs9 1 : : emailAddress pkcs9 2 : : unstructuredName pkcs9 3 : : contentType pkcs9 4 : : messageDigest pkcs9 5 : : signingTime pkcs9 6 : : countersignature pkcs9 7 : : challengePassword pkcs9 8 : : unstructuredAddress !Cname extCertAttributes pkcs9 9 : : extendedCertificateAttributes !global !Cname ext-req pkcs9 14 : extReq : Extension Request !Cname SMIMECapabilities pkcs9 15 : SMIME-CAPS : S/MIME Capabilities # S/MIME !Cname SMIME pkcs9 16 : SMIME : S/MIME SMIME 0 : id-smime-mod SMIME 1 : id-smime-ct SMIME 2 : id-smime-aa SMIME 3 : id-smime-alg SMIME 4 : id-smime-cd SMIME 5 : id-smime-spq SMIME 6 : id-smime-cti # S/MIME Modules id-smime-mod 1 : id-smime-mod-cms id-smime-mod 2 : id-smime-mod-ess id-smime-mod 3 : id-smime-mod-oid id-smime-mod 4 : id-smime-mod-msg-v3 id-smime-mod 5 : id-smime-mod-ets-eSignature-88 id-smime-mod 6 : id-smime-mod-ets-eSignature-97 id-smime-mod 7 : id-smime-mod-ets-eSigPolicy-88 id-smime-mod 8 : id-smime-mod-ets-eSigPolicy-97 # S/MIME Content Types id-smime-ct 1 : id-smime-ct-receipt id-smime-ct 2 : id-smime-ct-authData id-smime-ct 3 : id-smime-ct-publishCert id-smime-ct 4 : id-smime-ct-TSTInfo id-smime-ct 5 : id-smime-ct-TDTInfo id-smime-ct 6 : id-smime-ct-contentInfo id-smime-ct 7 : id-smime-ct-DVCSRequestData id-smime-ct 8 : id-smime-ct-DVCSResponseData # S/MIME Attributes id-smime-aa 1 : id-smime-aa-receiptRequest id-smime-aa 2 : id-smime-aa-securityLabel id-smime-aa 3 : id-smime-aa-mlExpandHistory id-smime-aa 4 : id-smime-aa-contentHint id-smime-aa 5 : id-smime-aa-msgSigDigest # obsolete id-smime-aa 6 : id-smime-aa-encapContentType id-smime-aa 7 : id-smime-aa-contentIdentifier # obsolete id-smime-aa 8 : id-smime-aa-macValue id-smime-aa 9 : id-smime-aa-equivalentLabels id-smime-aa 10 : id-smime-aa-contentReference id-smime-aa 11 : id-smime-aa-encrypKeyPref id-smime-aa 12 : id-smime-aa-signingCertificate id-smime-aa 13 : id-smime-aa-smimeEncryptCerts id-smime-aa 14 : id-smime-aa-timeStampToken id-smime-aa 15 : id-smime-aa-ets-sigPolicyId id-smime-aa 16 : id-smime-aa-ets-commitmentType id-smime-aa 17 : id-smime-aa-ets-signerLocation id-smime-aa 18 : id-smime-aa-ets-signerAttr id-smime-aa 19 : id-smime-aa-ets-otherSigCert id-smime-aa 20 : id-smime-aa-ets-contentTimestamp id-smime-aa 21 : id-smime-aa-ets-CertificateRefs id-smime-aa 22 : id-smime-aa-ets-RevocationRefs id-smime-aa 23 : id-smime-aa-ets-certValues id-smime-aa 24 : id-smime-aa-ets-revocationValues id-smime-aa 25 : id-smime-aa-ets-escTimeStamp id-smime-aa 26 : id-smime-aa-ets-certCRLTimestamp id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp id-smime-aa 28 : id-smime-aa-signatureType id-smime-aa 29 : id-smime-aa-dvcs-dvc # S/MIME Algorithm Identifiers # obsolete id-smime-alg 1 : id-smime-alg-ESDHwith3DES # obsolete id-smime-alg 2 : id-smime-alg-ESDHwithRC2 # obsolete id-smime-alg 3 : id-smime-alg-3DESwrap # obsolete id-smime-alg 4 : id-smime-alg-RC2wrap id-smime-alg 5 : id-smime-alg-ESDH id-smime-alg 6 : id-smime-alg-CMS3DESwrap id-smime-alg 7 : id-smime-alg-CMSRC2wrap # S/MIME Certificate Distribution id-smime-cd 1 : id-smime-cd-ldap # S/MIME Signature Policy Qualifier id-smime-spq 1 : id-smime-spq-ets-sqt-uri id-smime-spq 2 : id-smime-spq-ets-sqt-unotice # S/MIME Commitment Type Identifier id-smime-cti 1 : id-smime-cti-ets-proofOfOrigin id-smime-cti 2 : id-smime-cti-ets-proofOfReceipt id-smime-cti 3 : id-smime-cti-ets-proofOfDelivery id-smime-cti 4 : id-smime-cti-ets-proofOfSender id-smime-cti 5 : id-smime-cti-ets-proofOfApproval id-smime-cti 6 : id-smime-cti-ets-proofOfCreation pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Cname ms-csp-name 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate !Alias crlTypes pkcs9 23 crlTypes 1 : : x509Crl !Alias pkcs12 pkcs 12 !Alias pkcs12-pbeids pkcs12 1 !Cname pbe-WithSHA1And128BitRC4 pkcs12-pbeids 1 : PBE-SHA1-RC4-128 : pbeWithSHA1And128BitRC4 !Cname pbe-WithSHA1And40BitRC4 pkcs12-pbeids 2 : PBE-SHA1-RC4-40 : pbeWithSHA1And40BitRC4 !Cname pbe-WithSHA1And3_Key_TripleDES-CBC pkcs12-pbeids 3 : PBE-SHA1-3DES : pbeWithSHA1And3-KeyTripleDES-CBC !Cname pbe-WithSHA1And2_Key_TripleDES-CBC pkcs12-pbeids 4 : PBE-SHA1-2DES : pbeWithSHA1And2-KeyTripleDES-CBC !Cname pbe-WithSHA1And128BitRC2-CBC pkcs12-pbeids 5 : PBE-SHA1-RC2-128 : pbeWithSHA1And128BitRC2-CBC !Cname pbe-WithSHA1And40BitRC2-CBC pkcs12-pbeids 6 : PBE-SHA1-RC2-40 : pbeWithSHA1And40BitRC2-CBC !Alias pkcs12-Version1 pkcs12 10 !Alias pkcs12-BagIds pkcs12-Version1 1 pkcs12-BagIds 1 : : keyBag pkcs12-BagIds 2 : : pkcs8ShroudedKeyBag pkcs12-BagIds 3 : : certBag pkcs12-BagIds 4 : : crlBag pkcs12-BagIds 5 : : secretBag pkcs12-BagIds 6 : : safeContentsBag rsadsi 2 2 : MD2 : md2 rsadsi 2 4 : MD4 : md4 rsadsi 2 5 : MD5 : md5 : MD5-SHA1 : md5-sha1 rsadsi 2 7 : : hmacWithSHA1 rsadsi 3 2 : RC2-CBC : rc2-cbc : RC2-ECB : rc2-ecb !Cname rc2-cfb64 : RC2-CFB : rc2-cfb !Cname rc2-ofb64 : RC2-OFB : rc2-ofb : RC2-40-CBC : rc2-40-cbc : RC2-64-CBC : rc2-64-cbc rsadsi 3 4 : RC4 : rc4 : RC4-40 : rc4-40 rsadsi 3 7 : DES-EDE3-CBC : des-ede3-cbc rsadsi 3 8 : RC5-CBC : rc5-cbc : RC5-ECB : rc5-ecb !Cname rc5-cfb64 : RC5-CFB : rc5-cfb !Cname rc5-ofb64 : RC5-OFB : rc5-ofb !Cname ms-ext-req 1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request !Cname ms-code-ind 1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing !Cname ms-code-com 1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing !Cname ms-ctl-sign 1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing !Cname ms-sgc 1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System !Cname ms-smartcard-login 1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin !Cname ms-upn 1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb !Cname idea-cfb64 : IDEA-CFB : idea-cfb !Cname idea-ofb64 : IDEA-OFB : idea-ofb 1 3 6 1 4 1 3029 1 2 : BF-CBC : bf-cbc : BF-ECB : bf-ecb !Cname bf-cfb64 : BF-CFB : bf-cfb !Cname bf-ofb64 : BF-OFB : bf-ofb !Cname id-pkix 1 3 6 1 5 5 7 : PKIX # PKIX Arcs id-pkix 0 : id-pkix-mod id-pkix 1 : id-pe id-pkix 2 : id-qt id-pkix 3 : id-kp id-pkix 4 : id-it id-pkix 5 : id-pkip id-pkix 6 : id-alg id-pkix 7 : id-cmc id-pkix 8 : id-on id-pkix 9 : id-pda id-pkix 10 : id-aca id-pkix 11 : id-qcs id-pkix 12 : id-cct id-pkix 21 : id-ppl id-pkix 48 : id-ad # PKIX Modules id-pkix-mod 1 : id-pkix1-explicit-88 id-pkix-mod 2 : id-pkix1-implicit-88 id-pkix-mod 3 : id-pkix1-explicit-93 id-pkix-mod 4 : id-pkix1-implicit-93 id-pkix-mod 5 : id-mod-crmf id-pkix-mod 6 : id-mod-cmc id-pkix-mod 7 : id-mod-kea-profile-88 id-pkix-mod 8 : id-mod-kea-profile-93 id-pkix-mod 9 : id-mod-cmp id-pkix-mod 10 : id-mod-qualified-cert-88 id-pkix-mod 11 : id-mod-qualified-cert-93 id-pkix-mod 12 : id-mod-attribute-cert id-pkix-mod 13 : id-mod-timestamp-protocol id-pkix-mod 14 : id-mod-ocsp id-pkix-mod 15 : id-mod-dvcs id-pkix-mod 16 : id-mod-cmp2000 # PKIX Private Extensions !Cname info-access id-pe 1 : authorityInfoAccess : Authority Information Access id-pe 2 : biometricInfo : Biometric Info id-pe 3 : qcStatements id-pe 4 : ac-auditEntity id-pe 5 : ac-targeting id-pe 6 : aaControls id-pe 7 : sbqp-ipAddrBlock id-pe 8 : sbqp-autonomousSysNum id-pe 9 : sbqp-routerIdentifier id-pe 10 : ac-proxying !Cname sinfo-access id-pe 11 : subjectInfoAccess : Subject Information Access id-pe 14 : proxyCertInfo : Proxy Certificate Information # PKIX policyQualifiers for Internet policy qualifiers id-qt 1 : id-qt-cps : Policy Qualifier CPS id-qt 2 : id-qt-unotice : Policy Qualifier User Notice id-qt 3 : textNotice # PKIX key purpose identifiers !Cname server-auth id-kp 1 : serverAuth : TLS Web Server Authentication !Cname client-auth id-kp 2 : clientAuth : TLS Web Client Authentication !Cname code-sign id-kp 3 : codeSigning : Code Signing !Cname email-protect id-kp 4 : emailProtection : E-mail Protection id-kp 5 : ipsecEndSystem : IPSec End System id-kp 6 : ipsecTunnel : IPSec Tunnel id-kp 7 : ipsecUser : IPSec User !Cname time-stamp id-kp 8 : timeStamping : Time Stamping # From OCSP spec RFC2560 !Cname OCSP-sign id-kp 9 : OCSPSigning : OCSP Signing id-kp 10 : DVCS : dvcs # CMP information types id-it 1 : id-it-caProtEncCert id-it 2 : id-it-signKeyPairTypes id-it 3 : id-it-encKeyPairTypes id-it 4 : id-it-preferredSymmAlg id-it 5 : id-it-caKeyUpdateInfo id-it 6 : id-it-currentCRL id-it 7 : id-it-unsupportedOIDs # obsolete id-it 8 : id-it-subscriptionRequest # obsolete id-it 9 : id-it-subscriptionResponse id-it 10 : id-it-keyPairParamReq id-it 11 : id-it-keyPairParamRep id-it 12 : id-it-revPassphrase id-it 13 : id-it-implicitConfirm id-it 14 : id-it-confirmWaitTime id-it 15 : id-it-origPKIMessage # CRMF registration id-pkip 1 : id-regCtrl id-pkip 2 : id-regInfo # CRMF registration controls id-regCtrl 1 : id-regCtrl-regToken id-regCtrl 2 : id-regCtrl-authenticator id-regCtrl 3 : id-regCtrl-pkiPublicationInfo id-regCtrl 4 : id-regCtrl-pkiArchiveOptions id-regCtrl 5 : id-regCtrl-oldCertID id-regCtrl 6 : id-regCtrl-protocolEncrKey # CRMF registration information id-regInfo 1 : id-regInfo-utf8Pairs id-regInfo 2 : id-regInfo-certReq # algorithms id-alg 1 : id-alg-des40 id-alg 2 : id-alg-noSignature id-alg 3 : id-alg-dh-sig-hmac-sha1 id-alg 4 : id-alg-dh-pop # CMC controls id-cmc 1 : id-cmc-statusInfo id-cmc 2 : id-cmc-identification id-cmc 3 : id-cmc-identityProof id-cmc 4 : id-cmc-dataReturn id-cmc 5 : id-cmc-transactionId id-cmc 6 : id-cmc-senderNonce id-cmc 7 : id-cmc-recipientNonce id-cmc 8 : id-cmc-addExtensions id-cmc 9 : id-cmc-encryptedPOP id-cmc 10 : id-cmc-decryptedPOP id-cmc 11 : id-cmc-lraPOPWitness id-cmc 15 : id-cmc-getCert id-cmc 16 : id-cmc-getCRL id-cmc 17 : id-cmc-revokeRequest id-cmc 18 : id-cmc-regInfo id-cmc 19 : id-cmc-responseInfo id-cmc 21 : id-cmc-queryPending id-cmc 22 : id-cmc-popLinkRandom id-cmc 23 : id-cmc-popLinkWitness id-cmc 24 : id-cmc-confirmCertAcceptance # other names id-on 1 : id-on-personalData # personal data attributes id-pda 1 : id-pda-dateOfBirth id-pda 2 : id-pda-placeOfBirth id-pda 3 : id-pda-gender id-pda 4 : id-pda-countryOfCitizenship id-pda 5 : id-pda-countryOfResidence # attribute certificate attributes id-aca 1 : id-aca-authenticationInfo id-aca 2 : id-aca-accessIdentity id-aca 3 : id-aca-chargingIdentity id-aca 4 : id-aca-group # attention : the following seems to be obsolete, replace by 'role' id-aca 5 : id-aca-role id-aca 6 : id-aca-encAttrs # qualified certificate statements id-qcs 1 : id-qcs-pkixQCSyntax-v1 # CMC content types id-cct 1 : id-cct-crs id-cct 2 : id-cct-PKIData id-cct 3 : id-cct-PKIResponse # Predefined Proxy Certificate policy languages id-ppl 0 : id-ppl-anyLanguage : Any language id-ppl 1 : id-ppl-inheritAll : Inherit all id-ppl 2 : id-ppl-independent : Independent # access descriptors for authority info access extension !Cname ad-OCSP id-ad 1 : OCSP : OCSP !Cname ad-ca-issuers id-ad 2 : caIssuers : CA Issuers !Cname ad-timeStamping id-ad 3 : ad_timestamping : AD Time Stamping !Cname ad-dvcs id-ad 4 : AD_DVCS : ad dvcs !Alias id-pkix-OCSP ad-OCSP !module id-pkix-OCSP !Cname basic id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response id-pkix-OCSP 2 : Nonce : OCSP Nonce id-pkix-OCSP 3 : CrlID : OCSP CRL ID id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses id-pkix-OCSP 5 : noCheck : OCSP No Check id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status id-pkix-OCSP 9 : valid id-pkix-OCSP 10 : path id-pkix-OCSP 11 : trustRoot : Trust Root !global 1 3 14 3 2 : algorithm : algorithm algorithm 3 : RSA-NP-MD5 : md5WithRSA algorithm 6 : DES-ECB : des-ecb algorithm 7 : DES-CBC : des-cbc !Cname des-ofb64 algorithm 8 : DES-OFB : des-ofb !Cname des-cfb64 algorithm 9 : DES-CFB : des-cfb algorithm 11 : rsaSignature !Cname dsa-2 algorithm 12 : DSA-old : dsaEncryption-old algorithm 13 : DSA-SHA : dsaWithSHA algorithm 15 : RSA-SHA : shaWithRSAEncryption !Cname des-ede-ecb algorithm 17 : DES-EDE : des-ede !Cname des-ede3-ecb : DES-EDE3 : des-ede3 : DES-EDE-CBC : des-ede-cbc !Cname des-ede-cfb64 : DES-EDE-CFB : des-ede-cfb !Cname des-ede3-cfb64 : DES-EDE3-CFB : des-ede3-cfb !Cname des-ede-ofb64 : DES-EDE-OFB : des-ede-ofb !Cname des-ede3-ofb64 : DES-EDE3-OFB : des-ede3-ofb : DESX-CBC : desx-cbc algorithm 18 : SHA : sha algorithm 26 : SHA1 : sha1 !Cname dsaWithSHA1-2 algorithm 27 : DSA-SHA1-old : dsaWithSHA1-old algorithm 29 : RSA-SHA1-2 : sha1WithRSA 1 3 36 3 2 1 : RIPEMD160 : ripemd160 1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA !Cname sxnet 1 3 101 1 4 1 : SXNetID : Strong Extranet ID 2 5 : X500 : directory services (X.500) X500 4 : X509 X509 3 : CN : commonName X509 4 : SN : surname X509 5 : : serialNumber X509 6 : C : countryName X509 7 : L : localityName X509 8 : ST : stateOrProvinceName X509 9 : : streetAddress X509 10 : O : organizationName X509 11 : OU : organizationalUnitName X509 12 : : title X509 13 : : description X509 17 : : postalCode X509 41 : name : name X509 42 : GN : givenName X509 43 : : initials X509 44 : : generationQualifier X509 45 : : x500UniqueIdentifier X509 46 : dnQualifier : dnQualifier X509 65 : : pseudonym X509 72 : role : role X500 8 : X500algorithms : directory services - algorithms X500algorithms 1 1 : RSA : rsa X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA X500algorithms 3 101 : MDC2 : mdc2 X500 29 : id-ce !Cname subject-key-identifier id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier !Cname key-usage id-ce 15 : keyUsage : X509v3 Key Usage !Cname private-key-usage-period id-ce 16 : privateKeyUsagePeriod : X509v3 Private Key Usage Period !Cname subject-alt-name id-ce 17 : subjectAltName : X509v3 Subject Alternative Name !Cname issuer-alt-name id-ce 18 : issuerAltName : X509v3 Issuer Alternative Name !Cname basic-constraints id-ce 19 : basicConstraints : X509v3 Basic Constraints !Cname crl-number id-ce 20 : crlNumber : X509v3 CRL Number !Cname crl-reason id-ce 21 : CRLReason : X509v3 CRL Reason Code !Cname invalidity-date id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator !Cname name-constraints id-ce 30 : nameConstraints : X509v3 Name Constraints !Cname crl-distribution-points id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies id-ce 32 : certificatePolicies : X509v3 Certificate Policies !Cname any-policy certificate-policies 0 : anyPolicy : X509v3 Any Policy !Cname policy-mappings id-ce 33 : policyMappings : X509v3 Policy Mappings !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage !Cname inhibit-any-policy id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information id-ce 55 : targetInformation : X509v3 AC Targeting !Cname no-rev-avail id-ce 56 : noRevAvail : X509v3 No Revocation Available !Cname netscape 2 16 840 1 113730 : Netscape : Netscape Communications Corp. !Cname netscape-cert-extension netscape 1 : nsCertExt : Netscape Certificate Extension !Cname netscape-data-type netscape 2 : nsDataType : Netscape Data Type !Cname netscape-cert-type netscape-cert-extension 1 : nsCertType : Netscape Cert Type !Cname netscape-base-url netscape-cert-extension 2 : nsBaseUrl : Netscape Base Url !Cname netscape-revocation-url netscape-cert-extension 3 : nsRevocationUrl : Netscape Revocation Url !Cname netscape-ca-revocation-url netscape-cert-extension 4 : nsCaRevocationUrl : Netscape CA Revocation Url !Cname netscape-renewal-url netscape-cert-extension 7 : nsRenewalUrl : Netscape Renewal Url !Cname netscape-ca-policy-url netscape-cert-extension 8 : nsCaPolicyUrl : Netscape CA Policy Url !Cname netscape-ssl-server-name netscape-cert-extension 12 : nsSslServerName : Netscape SSL Server Name !Cname netscape-comment netscape-cert-extension 13 : nsComment : Netscape Comment !Cname netscape-cert-sequence netscape-data-type 5 : nsCertSequence : Netscape Certificate Sequence !Cname ns-sgc netscape 4 1 : nsSGC : Netscape Server Gated Crypto # iso(1) iso 3 : ORG : org org 6 : DOD : dod dod 1 : IANA : iana !Alias internet iana internet 1 : directory : Directory internet 2 : mgmt : Management internet 3 : experimental : Experimental internet 4 : private : Private internet 5 : security : Security internet 6 : snmpv2 : SNMPv2 # Documents refer to "internet 7" as "mail". This however leads to ambiguities # with RFC2798, Section 9.1.3, where "mail" is defined as the short name for # rfc822Mailbox. The short name is therefore here left out for a reason. # Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as # references are realized via long name "Mail" (with capital M). internet 7 : : Mail Private 1 : enterprises : Enterprises # RFC 2247 Enterprises 1466 344 : dcobject : dcObject # RFC 1495 Mail 1 : mime-mhs : MIME MHS mime-mhs 1 : mime-mhs-headings : mime-mhs-headings mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message # What the hell are these OIDs, really? !Cname rle-compression 1 1 1 1 666 1 : RLE : run length compression !Cname zlib-compression 1 1 1 1 666 2 : ZLIB : zlib compression # AES aka Rijndael !Alias csor 2 16 840 1 101 3 !Alias nistAlgorithms csor 4 !Alias aes nistAlgorithms 1 aes 1 : AES-128-ECB : aes-128-ecb aes 2 : AES-128-CBC : aes-128-cbc !Cname aes-128-ofb128 aes 3 : AES-128-OFB : aes-128-ofb !Cname aes-128-cfb128 aes 4 : AES-128-CFB : aes-128-cfb aes 21 : AES-192-ECB : aes-192-ecb aes 22 : AES-192-CBC : aes-192-cbc !Cname aes-192-ofb128 aes 23 : AES-192-OFB : aes-192-ofb !Cname aes-192-cfb128 aes 24 : AES-192-CFB : aes-192-cfb aes 41 : AES-256-ECB : aes-256-ecb aes 42 : AES-256-CBC : aes-256-cbc !Cname aes-256-ofb128 aes 43 : AES-256-OFB : aes-256-ofb !Cname aes-256-cfb128 aes 44 : AES-256-CFB : aes-256-cfb # There are no OIDs for these modes... : AES-128-CFB1 : aes-128-cfb1 : AES-192-CFB1 : aes-192-cfb1 : AES-256-CFB1 : aes-256-cfb1 : AES-128-CFB8 : aes-128-cfb8 : AES-192-CFB8 : aes-192-cfb8 : AES-256-CFB8 : aes-256-cfb8 : DES-CFB1 : des-cfb1 : DES-CFB8 : des-cfb8 : DES-EDE3-CFB1 : des-ede3-cfb1 : DES-EDE3-CFB8 : des-ede3-cfb8 # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. !Alias nist_hashalgs nistAlgorithms 2 nist_hashalgs 1 : SHA256 : sha256 nist_hashalgs 2 : SHA384 : sha384 nist_hashalgs 3 : SHA512 : sha512 nist_hashalgs 4 : SHA224 : sha224 # Hold instruction CRL entry extension !Cname hold-instruction-code id-ce 23 : holdInstructionCode : Hold Instruction Code !Alias holdInstruction X9-57 2 !Cname hold-instruction-none holdInstruction 1 : holdInstructionNone : Hold Instruction None !Cname hold-instruction-call-issuer holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer !Cname hold-instruction-reject holdInstruction 3 : holdInstructionReject : Hold Instruction Reject # OID's from ITU-T. Most of this is defined in RFC 1274. A couple of # them are also mentioned in RFC 2247 itu-t 9 : data data 2342 : pss pss 19200300 : ucl ucl 100 : pilot pilot 1 : : pilotAttributeType pilot 3 : : pilotAttributeSyntax pilot 4 : : pilotObjectClass pilot 10 : : pilotGroups pilotAttributeSyntax 4 : : iA5StringSyntax pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax pilotObjectClass 3 : : pilotObject pilotObjectClass 4 : : pilotPerson pilotObjectClass 5 : account pilotObjectClass 6 : document pilotObjectClass 7 : room pilotObjectClass 9 : : documentSeries pilotObjectClass 13 : domain : Domain pilotObjectClass 14 : : rFC822localPart pilotObjectClass 15 : : dNSDomain pilotObjectClass 17 : : domainRelatedObject pilotObjectClass 18 : : friendlyCountry pilotObjectClass 19 : : simpleSecurityObject pilotObjectClass 20 : : pilotOrganization pilotObjectClass 21 : : pilotDSA pilotObjectClass 22 : : qualityLabelledData pilotAttributeType 1 : UID : userId pilotAttributeType 2 : : textEncodedORAddress pilotAttributeType 3 : mail : rfc822Mailbox pilotAttributeType 4 : info pilotAttributeType 5 : : favouriteDrink pilotAttributeType 6 : : roomNumber pilotAttributeType 7 : photo pilotAttributeType 8 : : userClass pilotAttributeType 9 : host pilotAttributeType 10 : manager pilotAttributeType 11 : : documentIdentifier pilotAttributeType 12 : : documentTitle pilotAttributeType 13 : : documentVersion pilotAttributeType 14 : : documentAuthor pilotAttributeType 15 : : documentLocation pilotAttributeType 20 : : homeTelephoneNumber pilotAttributeType 21 : secretary pilotAttributeType 22 : : otherMailbox pilotAttributeType 23 : : lastModifiedTime pilotAttributeType 24 : : lastModifiedBy pilotAttributeType 25 : DC : domainComponent pilotAttributeType 26 : : aRecord pilotAttributeType 27 : : pilotAttributeType27 pilotAttributeType 28 : : mXRecord pilotAttributeType 29 : : nSRecord pilotAttributeType 30 : : sOARecord pilotAttributeType 31 : : cNAMERecord pilotAttributeType 37 : : associatedDomain pilotAttributeType 38 : : associatedName pilotAttributeType 39 : : homePostalAddress pilotAttributeType 40 : : personalTitle pilotAttributeType 41 : : mobileTelephoneNumber pilotAttributeType 42 : : pagerTelephoneNumber pilotAttributeType 43 : : friendlyCountryName # The following clashes with 2.5.4.45, so commented away #pilotAttributeType 44 : uid : uniqueIdentifier pilotAttributeType 45 : : organizationalStatus pilotAttributeType 46 : : janetMailbox pilotAttributeType 47 : : mailPreferenceOption pilotAttributeType 48 : : buildingName pilotAttributeType 49 : : dSAQuality pilotAttributeType 50 : : singleLevelQuality pilotAttributeType 51 : : subtreeMinimumQuality pilotAttributeType 52 : : subtreeMaximumQuality pilotAttributeType 53 : : personalSignature pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher international-organizations 42 : id-set : Secure Electronic Transactions id-set 0 : set-ctype : content types id-set 1 : set-msgExt : message extensions id-set 3 : set-attr id-set 5 : set-policy id-set 7 : set-certExt : certificate extensions id-set 8 : set-brand set-ctype 0 : setct-PANData set-ctype 1 : setct-PANToken set-ctype 2 : setct-PANOnly set-ctype 3 : setct-OIData set-ctype 4 : setct-PI set-ctype 5 : setct-PIData set-ctype 6 : setct-PIDataUnsigned set-ctype 7 : setct-HODInput set-ctype 8 : setct-AuthResBaggage set-ctype 9 : setct-AuthRevReqBaggage set-ctype 10 : setct-AuthRevResBaggage set-ctype 11 : setct-CapTokenSeq set-ctype 12 : setct-PInitResData set-ctype 13 : setct-PI-TBS set-ctype 14 : setct-PResData set-ctype 16 : setct-AuthReqTBS set-ctype 17 : setct-AuthResTBS set-ctype 18 : setct-AuthResTBSX set-ctype 19 : setct-AuthTokenTBS set-ctype 20 : setct-CapTokenData set-ctype 21 : setct-CapTokenTBS set-ctype 22 : setct-AcqCardCodeMsg set-ctype 23 : setct-AuthRevReqTBS set-ctype 24 : setct-AuthRevResData set-ctype 25 : setct-AuthRevResTBS set-ctype 26 : setct-CapReqTBS set-ctype 27 : setct-CapReqTBSX set-ctype 28 : setct-CapResData set-ctype 29 : setct-CapRevReqTBS set-ctype 30 : setct-CapRevReqTBSX set-ctype 31 : setct-CapRevResData set-ctype 32 : setct-CredReqTBS set-ctype 33 : setct-CredReqTBSX set-ctype 34 : setct-CredResData set-ctype 35 : setct-CredRevReqTBS set-ctype 36 : setct-CredRevReqTBSX set-ctype 37 : setct-CredRevResData set-ctype 38 : setct-PCertReqData set-ctype 39 : setct-PCertResTBS set-ctype 40 : setct-BatchAdminReqData set-ctype 41 : setct-BatchAdminResData set-ctype 42 : setct-CardCInitResTBS set-ctype 43 : setct-MeAqCInitResTBS set-ctype 44 : setct-RegFormResTBS set-ctype 45 : setct-CertReqData set-ctype 46 : setct-CertReqTBS set-ctype 47 : setct-CertResData set-ctype 48 : setct-CertInqReqTBS set-ctype 49 : setct-ErrorTBS set-ctype 50 : setct-PIDualSignedTBE set-ctype 51 : setct-PIUnsignedTBE set-ctype 52 : setct-AuthReqTBE set-ctype 53 : setct-AuthResTBE set-ctype 54 : setct-AuthResTBEX set-ctype 55 : setct-AuthTokenTBE set-ctype 56 : setct-CapTokenTBE set-ctype 57 : setct-CapTokenTBEX set-ctype 58 : setct-AcqCardCodeMsgTBE set-ctype 59 : setct-AuthRevReqTBE set-ctype 60 : setct-AuthRevResTBE set-ctype 61 : setct-AuthRevResTBEB set-ctype 62 : setct-CapReqTBE set-ctype 63 : setct-CapReqTBEX set-ctype 64 : setct-CapResTBE set-ctype 65 : setct-CapRevReqTBE set-ctype 66 : setct-CapRevReqTBEX set-ctype 67 : setct-CapRevResTBE set-ctype 68 : setct-CredReqTBE set-ctype 69 : setct-CredReqTBEX set-ctype 70 : setct-CredResTBE set-ctype 71 : setct-CredRevReqTBE set-ctype 72 : setct-CredRevReqTBEX set-ctype 73 : setct-CredRevResTBE set-ctype 74 : setct-BatchAdminReqTBE set-ctype 75 : setct-BatchAdminResTBE set-ctype 76 : setct-RegFormReqTBE set-ctype 77 : setct-CertReqTBE set-ctype 78 : setct-CertReqTBEX set-ctype 79 : setct-CertResTBE set-ctype 80 : setct-CRLNotificationTBS set-ctype 81 : setct-CRLNotificationResTBS set-ctype 82 : setct-BCIDistributionTBS set-msgExt 1 : setext-genCrypt : generic cryptogram set-msgExt 3 : setext-miAuth : merchant initiated auth set-msgExt 4 : setext-pinSecure set-msgExt 5 : setext-pinAny set-msgExt 7 : setext-track2 set-msgExt 8 : setext-cv : additional verification set-policy 0 : set-policy-root set-certExt 0 : setCext-hashedRoot set-certExt 1 : setCext-certType set-certExt 2 : setCext-merchData set-certExt 3 : setCext-cCertRequired set-certExt 4 : setCext-tunneling set-certExt 5 : setCext-setExt set-certExt 6 : setCext-setQualf set-certExt 7 : setCext-PGWYcapabilities set-certExt 8 : setCext-TokenIdentifier set-certExt 9 : setCext-Track2Data set-certExt 10 : setCext-TokenType set-certExt 11 : setCext-IssuerCapabilities set-attr 0 : setAttr-Cert set-attr 1 : setAttr-PGWYcap : payment gateway capabilities set-attr 2 : setAttr-TokenType set-attr 3 : setAttr-IssCap : issuer capabilities setAttr-Cert 0 : set-rootKeyThumb setAttr-Cert 1 : set-addPolicy setAttr-TokenType 1 : setAttr-Token-EMV setAttr-TokenType 2 : setAttr-Token-B0Prime setAttr-IssCap 3 : setAttr-IssCap-CVM setAttr-IssCap 4 : setAttr-IssCap-T2 setAttr-IssCap 5 : setAttr-IssCap-Sig setAttr-IssCap-CVM 1 : setAttr-GenCryptgrm : generate cryptogram setAttr-IssCap-T2 1 : setAttr-T2Enc : encrypted track 2 setAttr-IssCap-T2 2 : setAttr-T2cleartxt : cleartext track 2 setAttr-IssCap-Sig 1 : setAttr-TokICCsig : ICC or token signature setAttr-IssCap-Sig 2 : setAttr-SecDevSig : secure device signature set-brand 1 : set-brand-IATA-ATA set-brand 30 : set-brand-Diners set-brand 34 : set-brand-AmericanExpress set-brand 35 : set-brand-JCB set-brand 4 : set-brand-Visa set-brand 5 : set-brand-MasterCard set-brand 6011 : set-brand-Novus rsadsi 3 10 : DES-CDMF : des-cdmf rsadsi 1 1 6 : rsaOAEPEncryptionSET : Oakley-EC2N-3 : ipsec3 : Oakley-EC2N-4 : ipsec4