idnits 2.17.00 (12 Aug 2021) /tmp/idnits59857/draft-housley-pkix-oids-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (26 January 2014) is 3037 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFC3039' is mentioned on line 709, but not defined ** Obsolete undefined reference: RFC 3039 (Obsoleted by RFC 3739) == Missing Reference: 'RFC4985' is mentioned on line 659, but not defined ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: draft-jabley-dnssec-trust-anchor has been published as RFC 7958 == Outdated reference: draft-housley-pkix-test-oids has been published as RFC 7229 -- Obsolete informational reference (is this intentional?): RFC 2459 (Obsoleted by RFC 3280) -- Obsolete informational reference (is this intentional?): RFC 2510 (Obsoleted by RFC 4210) -- Obsolete informational reference (is this intentional?): RFC 2511 (Obsoleted by RFC 4211) -- Obsolete informational reference (is this intentional?): RFC 2560 (Obsoleted by RFC 6960) -- Obsolete informational reference (is this intentional?): RFC 2797 (Obsoleted by RFC 5272) -- Obsolete informational reference (is this intentional?): RFC 2875 (Obsoleted by RFC 6955) -- Obsolete informational reference (is this intentional?): RFC 3280 (Obsoleted by RFC 5280) -- Obsolete informational reference (is this intentional?): RFC 3281 (Obsoleted by RFC 5755) -- Obsolete informational reference (is this intentional?): RFC 3770 (Obsoleted by RFC 4334) -- Obsolete informational reference (is this intentional?): RFC 3920 (Obsoleted by RFC 6120) -- Obsolete informational reference (is this intentional?): RFC 4306 (Obsoleted by RFC 5996) -- Obsolete informational reference (is this intentional?): RFC 6277 (Obsoleted by RFC 6960) -- Duplicate reference: RFC6402, mentioned in 'RFC6402', was also mentioned in 'Err3860'. Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 14 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT R. Housley 3 Intended Status: Informational Vigil Security 4 Expires: 30 July 2014 26 January 2014 6 Object Identifier Registry for the PKIX Working Group 7 9 Abstract 11 When the Public-Key Infrastructure using X.509 (PKIX) Working Group 12 was chartered, an object identifier arc was was allocated by IANA for 13 use by that working group. This document describes the object 14 identifiers that were assigned in that arc, it returns control of 15 that arc to IANA, and it establishes IANA allocation policies for any 16 future assignments within that arc. 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF), its areas, and its working groups. Note that 25 other groups may also distribute working documents as 26 Internet-Drafts. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/1id-abstracts.html 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html 39 Copyright and License Notice 41 Copyright (c) 2014 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 2. Subordinate Object Identifier Arcs . . . . . . . . . . . . . . 4 58 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 59 3.1. Update to SMI Security for Mechanism Codes Registry . . . 6 60 3.2. Add SMI Security for PKIX Registry . . . . . . . . . . . . 6 61 3.3. Add SMI Security for PKIX Module Identifier Registry . . . 7 62 3.4. Add SMI Security for PKIX Certificate Extension Registry . 9 63 3.5. Add SMI Security for PKIX Policy Qualifier Registry . . . 10 64 3.6. Add SMI Security for PKIX Extended Key Purpose Registry . 10 65 3.7. Add SMI Security for PKIX CMP Information Types Registry . 11 66 3.8. Add SMI Security for PKIX CRMF Registration Registry . . . 12 67 3.9. Add SMI Security for PKIX CRMF Registration Controls 68 Registry . . . . . . . . . . . . . . . . . . . . . . . . . 12 69 3.10. Add SMI Security for PKIX CRMF Registration Information 70 Registry . . . . . . . . . . . . . . . . . . . . . . . . 12 71 3.11. Add SMI Security for PKIX Algorithms Registry . . . . . . 13 72 3.12. Add SMI Security for PKIX CMC Controls Registry . . . . . 13 73 3.13. Add SMI Security for PKIX CMC GLA Requests and 74 Responses Registry . . . . . . . . . . . . . . . . . . . 14 75 3.14. Add SMI Security for PKIX Other Name Forms Registry . . . 15 76 3.15. Add SMI Security for PKIX Personal Data Attributes 77 Registry . . . . . . . . . . . . . . . . . . . . . . . . 15 78 3.16. Add SMI Security for PKIX Attribute Certificate 79 Attributes Registry . . . . . . . . . . . . . . . . . . . 15 80 3.17. Add SMI Security for PKIX Qualified Certificate 81 Statements Registry . . . . . . . . . . . . . . . . . . . 16 82 3.18. Add SMI Security for PKIX CMC Content Types Registry . . 16 83 3.19. Add SMI Security for PKIX OIDs used Only for Testing 84 Registry . . . . . . . . . . . . . . . . . . . . . . . . 16 85 3.20. Add SMI Security for PKIX Certificate Policies Registry . 17 86 3.21. Add SMI Security for PKIX CMC Error Types Registry . . . 17 87 3.22. Add SMI Security for PKIX Revocation Information Types 88 Registry . . . . . . . . . . . . . . . . . . . . . . . . 17 90 3.23. Add SMI Security for PKIX SCVP Check Types Registry . . . 18 91 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry . 18 92 3.25. Add SMI Security for PKIX SCVP Validation Policies and 93 Algorithms Registry . . . . . . . . . . . . . . . . . . . 19 94 3.26. Add SMI Security for PKIX SCVP Name Validation Policy 95 Errors Registry . . . . . . . . . . . . . . . . . . . . . 19 96 3.26. Add SMI Security for PKIX SCVP Name Validation Policy 97 Errors Registry . . . . . . . . . . . . . . . . . . . . . 19 98 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy 99 Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 100 3.28. Add SMI Security for PKIX SCVP Distinguished Name 101 Validation Policy Errors Registry . . . . . . . . . . . . 20 102 3.29. Add SMI Security for PKIX Other Logotype Identifiers 103 Registry . . . . . . . . . . . . . . . . . . . . . . . . 21 104 3.30. Add SMI Security for PKIX Proxy Certificate Policy 105 Languages Registry . . . . . . . . . . . . . . . . . . . 21 106 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry . 21 107 3.32. Add SMI Security for PKIX Subject Key Identifier 108 Semantics Registry . . . . . . . . . . . . . . . . . . . 22 109 3.33. Add SMI Security for PKIX Access Descriptor Registry . . 22 110 3.34. Add SMI Security for PKIX OCSP Registry . . . . . . . . . 22 111 4. Security Considerations . . . . . . . . . . . . . . . . . . . 23 112 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 113 5.1. Normative References . . . . . . . . . . . . . . . . . . . 23 114 5.2. Informative References . . . . . . . . . . . . . . . . . . 23 115 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 28 116 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 28 118 1. Introduction 120 When the Public-Key Infrastructure using X.509 (PKIX) Working Group 121 was chartered, an object identifier arc was was allocated by IANA for 122 use by that working group. These object identifiers are primarily 123 used with Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97]. 124 The ASN.1 specifications continue to evolve, but object identifiers 125 can be used with any and all versions of ASN.1. 127 The PKIX object identifier arc is: 129 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) 130 dod(6) internet(1) security(5) mechanisms(5) pkix(7) } 132 This document describes the object identifiers that were assigned in 133 the PKIX arc, it returns control of the PKIX arc to IANA, and it 134 establishes IANA allocation policies for any future assignments 135 within the PKIX arc. 137 2. Subordinate Object Identifier Arcs 139 Twenty-five subordinate object identifier arcs were used, numbered 140 from 0 to 23 and 48. In addition, seven of these arcs include 141 further subordinate arcs. They were assigned as follows: 143 -- ASN.1 modules 144 id-mod OBJECT IDENTIFIER ::= { id-pkix 0 } 146 -- PKIX certificate extensions 147 id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 149 -- Policy qualifier types 150 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 152 -- Extended key purpose identifiers 153 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } 155 -- CMP information types 156 id-it OBJECT IDENTIFIER ::= { id-pkix 4 } 158 -- CRMF registration 159 id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 } 161 -- CRMF registration controls 162 id-regCtrl OBJECT IDENTIFIER ::= { id-pkix 5 1 } 164 -- CRMF registration information 165 id-regInfo OBJECT IDENTIFIER ::= { id-pkix 5 2 } 166 -- Algorithms 167 id-alg OBJECT IDENTIFIER ::= { id-pkix 6 } 169 -- CMC controls 170 id-cmc OBJECT IDENTIFIER ::= { id-pkix 7 } 172 -- CMC GLA Requests and Responses 173 id-cmc-glaRR OBJECT IDENTIFIER ::= { id-pkix 7 99 } 175 -- Other name forms 176 id-on OBJECT IDENTIFIER ::= { id-pkix 8 } 178 -- Personal data attribute 179 id-pda OBJECT IDENTIFIER ::= { id-pkix 9 } 181 -- Attribute certificate attributes 182 id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } 184 -- Qualified certificate statements 185 id-qcs OBJECT IDENTIFIER ::= { id-pkix 11 } 187 -- CMC content types 188 id-cct OBJECT IDENTIFIER ::= { id-pkix 12 } 190 -- OIDs for TESTING ONLY 191 id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 } 193 -- Certificate policies 194 id-cp OBJECT IDENTIFIER ::= { id-pkix 14 } 196 -- CMC error types 197 id-cet OBJECT IDENTIFIER ::= { id-pkix 15 } 199 -- Revocation information types 200 id-ri OBJECT IDENTIFIER ::= { id-pkix 16 } 202 -- SCVP check type 203 id-sct OBJECT IDENTIFIER ::= { id-pkix 17 } 205 -- SCVP want back types 206 id-swb OBJECT IDENTIFIER ::= { id-pkix 18 } 208 -- SCVP validation policies 209 id-svp OBJECT IDENTIFIER ::= { id-pkix 19 } 211 -- SCVP name validation policy errors 212 id-nvae OBJECT IDENTIFIER ::= { id-pkix 19 2 } 213 -- SCVP basic validation policy errors 214 id-bvae OBJECT IDENTIFIER ::= { id-pkix 19 3 } 216 -- SCVP distinguished name validation policy errors 217 id-dnvae OBJECT IDENTIFIER ::= { id-pkix 19 4 } 219 -- Other logotype identifiers 220 id-logo OBJECT IDENTIFIER ::= { id-pkix 20 } 222 -- Proxy certificate policy languages 223 id-ppl OBJECT IDENTIFIER ::= { id-pkix 21 } 225 -- Matching rules 226 id-mr OBJECT IDENTIFIER ::= { id-pkix 22 } 228 -- Subject key identifier semantics 229 id-skis OBJECT IDENTIFIER ::= { id-pkix 23 } 231 -- Access descriptors 232 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } 234 -- Online Certificate Status Protocol 235 id-pkix-ocsp OBJECT IDENTIFIER ::= { id-pkix 48 1 } 237 The values assigned in each of these subordinate object identifier 238 arcs are discussed in the next section. 240 3. IANA Considerations 242 IANA is asked to update one registry table and create 31 additional 243 tables. 245 Updates to the new tables require both Specification Required and 246 Expert Review as defined in [RFC5226]. The expert is expected to 247 ensure that any new values are strongly related to the work that was 248 done by the PKIX Working Group. That is, additional object 249 identifiers are to be related to X.509 certificate, X.509 attribute 250 certificates, X.509 certificate revocation lists (CRLs), or protocols 251 associated with them. Object identifiers for other purposes should 252 not be assigned in this arc. 254 3.1. Update to SMI Security for Mechanism Codes Registry 256 Please update the reference in the Public-Key Infrastructure using 257 X.509 (PKIX) entry (decimal value 7) to points to this document. 259 3.2. Add SMI Security for PKIX Registry 261 Within the SMI-numbers registry, add a "PKIX (1.3.6.1.5.5.7)" table 262 with three columns: 264 Decimal Description References 265 ------- -------------------------------------- ---------- 266 0 Module identifiers {This RFC} 267 1 PKIX certificate extensions {This RFC} 268 2 Policy qualifier types {This RFC} 269 3 Extended key purpose identifiers {This RFC} 270 4 CMP information types {This RFC} 271 5 CRMF registration {This RFC} 272 6 Algorithms {This RFC} 273 7 CMC controls {This RFC} 274 8 Other name forms {This RFC} 275 9 Personal data attribute {This RFC} 276 10 Attribute certificate attributes {This RFC} 277 11 Qualified certificate statements {This RFC} 278 12 CMC content types {This RFC} 279 13 OIDs for TESTING ONLY {This RFC} 280 14 Certificate policies {This RFC} 281 15 CMC error types {This RFC} 282 16 Revocation information types {This RFC} 283 17 SCVP check type {This RFC} 284 18 SCVP want back types {This RFC} 285 19 SCVP validation policies {This RFC} 286 20 Other logotype identifiers {This RFC} 287 21 Proxy certificate policy languages {This RFC} 288 22 Matching rules {This RFC} 289 23 Subject key identifier semantics {This RFC} 290 48 Access descriptors {This RFC} 292 Future updates to this table require both Specification Required and 293 Expert Review as defined in [RFC5226]. 295 3.3. Add SMI Security for PKIX Module Identifier Registry 297 Within the SMI-numbers registry, add a "SMI Security for PKIX Module 298 Identifier (1.3.6.1.5.5.7.0)" table with three columns: 300 Decimal Description References 301 ------- ------------------------------- --------------------- 302 1 id-pkix1-explicit-88 [RFC2459] 303 2 id-pkix1-implicit-88 [RFC2459] 304 3 id-pkix1-explicit-93 [RFC2459] 305 4 id-pkix1-implicit-93 [RFC2459] 306 5 id-mod-crmf [RFC2511] 307 6 id-mod-cmc [RFC2797] 308 7 id-mod-kea-profile-88 [RFC2528] 309 8 id-mod-kea-profile-93 [RFC2528] 310 9 id-mod-cmp [RFC2510] 311 10 id-mod-qualified-cert-88 [RFC3039] 312 11 id-mod-qualified-cert-93 [RFC3039] 313 12 id-mod-attribute-cert [RFC3281] 314 13 id-mod-tsp [RFC3161] 315 14 id-mod-ocsp [RFC3029] 316 15 id-mod-dvcs [RFC3029] 317 16 id-mod-cmp2000 [RFC4210] 318 17 id-mod-pkix1-algorithms [RFC3279] 319 18 id-mod-pkix1-explicit [RFC3280] 320 19 id-mod-pkix1-implicit [RFC3280] 321 20 id-mod-user-group Reserved and Obsolete 322 21 id-mod-scvp [RFC5055] 323 22 id-mod-logotype [RFC3709] 324 23 id-mod-cmc2002 [RFC5272] 325 24 id-mod-wlan-extns [RFC3770] 326 25 id-mod-proxy-cert-extns [RFC3820] 327 26 id-mod-ac-policies [RFC4476] 328 27 id-mod-warranty-extn [RFC4059] 329 28 id-mod-perm-id-88 [RFC4043] 330 29 id-mod-perm-id-93 [RFC4043] 331 30 id-mod-ip-addr-and-as-ident [RFC3779] 332 31 id-mod-qualified-cert [RFC3739] 333 32 id-mod-crmf2003 Reserved and Obsolete 334 33 id-mod-pkix1-rsa-pkalgs [RFC4055] 335 34 id-mod-cert-bundle [RFC4306] 336 35 id-mod-qualified-cert-97 [RFC3739] 337 36 id-mod-crmf2005 [RFC4210] 338 37 id-mod-wlan-extns2005 [RFC4334] 339 38 id-mod-sim2005 [RFC4683] 340 39 id-mod-dns-srv-name-88 [RFC4985] 341 40 id-mod-dns-srv-name-93 [RFC4985] 342 41 id-mod-cmsContentConstr-88 [RFC6010] 343 42 id-mod-cmsContentConstr-93 [RFC6010] 344 43 id-mod-pkixCommon Reserved and Obsolete 345 44 id-mod-pkixOtherCerts [RFC5697] 346 45 id-mod-pkix1-algorithms2008 [RFC5480] 347 46 id-mod-clearanceConstraints [RFC5913] 348 47 id-mod-attribute-cert-02 [RFC5912] 349 48 id-mod-ocsp-02 [RFC5912] 350 49 id-mod-v1AttrCert-02 [RFC5912] 351 50 id-mod-cmp2000-02 [RFC5912] 352 51 id-mod-pkix1-explicit-02 [RFC5912] 353 52 id-mod-scvp-02 [RFC5912] 354 53 id-mod-cmc2002-02 [RFC5912] 355 54 id-mod-pkix1-rsa-pkalgs-02 [RFC5912] 356 55 id-mod-crmf2005-02 [RFC5912] 357 56 id-mod-pkix1-algorithms2008-02 [RFC5912] 358 57 id-mod-pkixCommon-02 [RFC5912] 359 58 id-mod-algorithmInformation-02 [RFC5912] 360 59 id-mod-pkix1-implicit-02 [RFC5912] 361 60 id-mod-pkix1-x400address-02 [RFC5912] 362 61 id-mod-attribute-cert-v2 [RFC5755] 363 62 id-mod-sip-domain-extns2007 [RFC5924] 364 63 id-mod-cms-otherRIs-2009-88 [RFC5940] 365 64 id-mod-cms-otherRIs-2009-93 [RFC5940] 366 65 id-mod-ecprivatekey [RFC5915] 367 66 id-mod-ocsp-agility-2009-93 [RFC6277] 368 67 id-mod-ocsp-agility-2009-88 [RFC6277] 369 68 id-mod-logotype-certimage [RFC6170] 370 69 id-mod-pkcs10-2009 [RFC5912] 371 70 id-mod-dns-resource-record [ID-Abley] 372 71 id-mod-send-cert-extns [RFC6494] 373 72 id-mod-ip-addr-and-as-ident-2 [RFC6268] 374 73 id-mod-wlan-extns-2 [RFC6268] 375 74 id-mod-hmac [RFC6268] 376 75 id-mod-enrollMsgSyntax-2011-88 [RFC6402][Err3860] 377 76 id-mod-enrollMsgSyntax-2011-08 [RFC6402] 378 77 id-mod-pubKeySMIMECaps-88 [RFC6664] 379 78 id-mod-pubKeySMIMECaps-08 [RFC6664] 380 79 id-mod-dhSign-2012-88 [RFC6955] 381 80 id-mod-dhSign-2012-08 [RFC6955] 382 81 id-mod-ocsp-2013-88 [RFC6960] 383 82 id-mod-ocsp-2013-08 [RFC6960] 384 83 id-mod-TEST-certPolicies [ID-Housley] 386 Future updates to this table require both Specification Required and 387 Expert Review as defined in [RFC5226]. 389 3.4. Add SMI Security for PKIX Certificate Extension Registry 391 Within the SMI-numbers registry, add a "SMI Security for PKIX 392 Certificate Extension (1.3.6.1.5.5.7.1)" table with three columns: 394 Decimal Description References 395 ------- ------------------------------ --------------------- 396 1 id-pe-authorityInfoAccess [RFC2459] 397 2 id-pe-biometricInfo [RFC3039] 398 3 id-pe-qcStatements [RFC3039] 399 4 id-pe-ac-auditIdentity [RFC3281] 400 5 id-pe-ac-targeting Reserved and Obsolete 401 6 id-pe-aaControls [RFC3281] 402 7 id-pe-ipAddrBlock [RFC3779] 403 8 id-pe-autonomousSysId [RFC3779] 404 9 id-pe-sbgp-routerIdentifier Reserved and Obsolete 405 10 id-pe-ac-proxying [RFC3281] 406 11 id-pe-subjectInfoAccess [RFC3280] 407 12 id-pe-logotype [RFC3709] 408 13 id-pe-wlanSSID [RFC4334] 409 14 id-pe-proxyCertInfo [RFC3820] 410 15 id-pe-acPolicies [RFC4476] 411 16 id-pe-warranty [RFC4059] 412 17 id-pe-sim Reserved and Obsolete 413 18 id-pe-cmsContentConstraints [RFC6010] 414 19 id-pe-otherCerts [RFC5697] 415 20 id-pe-wrappedApexContinKey [RFC5934] 416 21 id-pe-clearanceConstraints [RFC5913] 417 22 id-pe-skiSemantics Reserved and Obsolete 419 Future updates to this table require both Specification Required and 420 Expert Review as defined in [RFC5226]. 422 3.5. Add SMI Security for PKIX Policy Qualifier Registry 424 Within the SMI-numbers registry, add a "SMI Security for PKIX Policy 425 Qualifier Identifiers (1.3.6.1.5.5.7.2)" table with three columns: 427 Decimal Description References 428 ------- ------------------------------ --------------------- 429 1 id-qt-cps [RFC2459] 430 2 id-qt-unotice [RFC2459] 431 3 id-qt-textNotice Reserved and Obsolete 432 4 id-qt-acps [RFC4476] 433 5 id-qt-acunotice [RFC4476] 435 Future updates to this table require both Specification Required and 436 Expert Review as defined in [RFC5226]. 438 3.6. Add SMI Security for PKIX Extended Key Purpose Registry 440 Within the SMI-numbers registry, add a "SMI Security for PKIX 441 Extended Key Purpose Identifiers (1.3.6.1.5.5.7.3)" table with three 442 columns: 444 Decimal Description References 445 ------- ------------------------------ --------------------- 446 1 id-kp-serverAuth [RFC2459] 447 2 id-kp-clientAuth [RFC2459] 448 3 id-kp-codeSigning [RFC2459] 449 4 id-kp-emailProtection [RFC2459] 450 5 id-kp-ipsecEndSystem Reserved and Obsolete 451 6 id-kp-ipsecTunnel Reserved and Obsolete 452 7 id-kp-ipsecUser Reserved and Obsolete 453 8 id-kp-timeStamping [RFC2459] 454 9 id-kp-OCSPSigning [RFC2560] 455 10 id-kp-dvcs [RFC3029] 456 11 id-kp-sbgpCertAAServerAuth Reserved and Obsolete 457 12 id-kp-scvp-responder Reserved and Obsolete 458 13 id-kp-eapOverPPP [RFC4334] 459 14 id-kp-eapOverLAN [RFC4334] 460 15 id-kp-scvpServer [RFC5055] 461 16 id-kp-scvpClient [RFC5055] 462 17 id-kp-ipsecIKE [RFC4945] 463 18 id-kp-capwapAC [RFC5415] 464 19 id-kp-capwapWTP [RFC5415] 465 20 id-kp-sipDomain [RFC5924] 466 21 id-kp-secureShellClient [RFC6187] 467 22 id-kp-secureShellServer [RFC6187] 468 23 id-kp-sendRouter [RFC6494] 469 24 id-kp-sendProxy [RFC6494] 470 25 id-kp-sendOwner [RFC6494] 471 26 id-kp-sendProxiedOwner [RFC6494] 472 27 id-kp-cmcCA [RFC6402] 473 28 id-kp-cmcRA [RFC6402] 474 29 id-kp-cmcArchive [RFC6402] 476 Future updates to this table require both Specification Required and 477 Expert Review as defined in [RFC5226]. 479 3.7. Add SMI Security for PKIX CMP Information Types Registry 481 Within the SMI-numbers registry, add a "SMI Security for PKIX CMP 482 Information Types (1.3.6.1.5.5.7.4)" table with three columns: 484 Decimal Description References 485 ------- ------------------------------ --------------------- 486 1 id-it-caProtEncCert [RFC2510] 487 2 id-it-signKeyPairTypes [RFC2510] 488 3 id-it-encKeyPairTypes [RFC2510] 489 4 id-it-preferredSymmAlg [RFC2510] 490 5 id-it-caKeyUpdateInfo [RFC2510] 491 6 id-it-currentCRL [RFC2510] 492 7 id-it-unsupportedOIDs [RFC4210] 493 8 id-it-subscriptionRequest Reserved and Obsolete 494 9 id-it-subscriptionResponse Reserved and Obsolete 495 10 id-it-keyPairParamReq [RFC4210] 496 11 id-it-keyPairParamRep [RFC4210] 497 12 id-it-revPassphrase [RFC4210] 498 13 id-it-implicitConfirm [RFC4210] 499 14 id-it-confirmWaitTime [RFC4210] 500 15 id-it-origPKIMessage [RFC4210] 501 16 id-it-suppLangTags [RFC4210] 503 Future updates to this table require both Specification Required and 504 Expert Review as defined in [RFC5226]. 506 3.8. Add SMI Security for PKIX CRMF Registration Registry 508 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 509 Registration (1.3.6.1.5.5.7.5)" table with three columns: 511 Decimal Description References 512 ------- ------------------------------ --------------------- 513 1 id-regCtrl [RFC2511] 514 2 id-regInfo [RFC2511] 515 3 id-regEPEPSI [RFC4683] 517 Future updates to this table require both Specification Required and 518 Expert Review as defined in [RFC5226]. 520 3.9. Add SMI Security for PKIX CRMF Registration Controls Registry 522 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 523 Registration Controls (1.3.6.1.5.5.7.5.1)" table with three columns: 525 Decimal Description References 526 ------- ------------------------------ --------------------- 527 1 id-regCtrl-regToken [RFC2511] 528 2 id-regCtrl-authenticator [RFC2511] 529 3 id-regCtrl-pkiPublicationInfo [RFC2511] 530 4 id-regCtrl-pkiArchiveOptions [RFC2511] 531 5 id-regCtrl-oldCertID [RFC2511] 532 6 id-regCtrl-protocolEncrKey [RFC2511] 533 7 id-regCtrl-altCertTemplate [RFC4210] 534 8 id-regCtrl-wtlsTemplate Reserved and Obsolete 535 9 id-regCtrl-regTokenUTF8 Reserved and Obsolete 536 10 id-regCtrl-authenticatorUTF8 Reserved and Obsolete 538 Future updates to this table require both Specification Required and 539 Expert Review as defined in [RFC5226]. 541 3.10. Add SMI Security for PKIX CRMF Registration Information Registry 543 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 544 Registration Information (1.3.6.1.5.5.7.5.2)" table with three 545 columns: 547 Decimal Description References 548 ------- ------------------------------ --------------------- 549 1 id-regInfo-utf8Pairs [RFC2511] 550 2 id-regInfo-certReq [RFC2511] 552 Future updates to this table require both Specification Required and 553 Expert Review as defined in [RFC5226]. 555 3.11. Add SMI Security for PKIX Algorithms Registry 557 Within the SMI-numbers registry, add a "SMI Security for PKIX 558 Algorithms (1.3.6.1.5.5.7.6)" table with three columns: 560 Decimal Description References 561 ------- ------------------------------ --------------------- 562 1 id-alg-des40 Reserved and Obsolete 563 2 id-alg-noSignature [RFC2797] 564 3 id-alg-dh-sig-hmac-sha1 [RFC2875] 565 4 id-alg-dhPop-sha1 [RFC2875] 566 5 id-alg-dhPop-sha224 [RFC6955] 567 6 id-alg-dhPop-sha256 [RFC6955] 568 7 id-alg-dhPop-sha384 [RFC6955] 569 8 id-alg-dhPop-sha512 [RFC6955] 570 15 id-alg-dhPop-static-sha224-hmac-sha224 [RFC6955] 571 16 id-alg-dhPop-static-sha256-hmac-sha256 [RFC6955] 572 17 id-alg-dhPop-static-sha384-hmac-sha384 [RFC6955] 573 18 id-alg-dhPop-static-sha512-hmac-sha512 [RFC6955] 574 25 id-alg-ecdhPop-static-sha224-hmac-sha224 [RFC6955] 575 26 id-alg-ecdhPop-static-sha256-hmac-sha256 [RFC6955] 576 27 id-alg-ecdhPop-static-sha384-hmac-sha384 [RFC6955] 577 28 id-alg-ecdhPop-static-sha512-hmac-sha512 [RFC6955] 579 Note: id-alg-dhPop-sha1 is also known as id-alg-dh-pop. 581 Note: id-alg-dh-sig-hmac-sha1 is also known as 582 id-alg-dhPop-static-sha1-hmac-sha1. 584 Future updates to this table require both Specification Required and 585 Expert Review as defined in [RFC5226]. 587 3.12. Add SMI Security for PKIX CMC Controls Registry 589 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 590 Controls (1.3.6.1.5.5.7.7)" table with three columns: 592 Decimal Description References 593 ------- ------------------------------ --------------------- 594 1 id-cmc-statusInfo [RFC2797] 595 2 id-cmc-identification [RFC2797] 596 3 id-cmc-identityProof [RFC2797] 597 4 id-cmc-dataReturn [RFC2797] 598 5 id-cmc-transactionId [RFC2797] 599 6 id-cmc-senderNonce [RFC2797] 600 7 id-cmc-recipientNonce [RFC2797] 601 8 id-cmc-addExtensions [RFC2797] 602 9 id-cmc-encryptedPOP [RFC2797] 603 10 id-cmc-decryptedPOP [RFC2797] 604 11 id-cmc-lraPOPWitness [RFC2797] 605 15 id-cmc-getCert [RFC2797] 606 16 id-cmc-getCRL [RFC2797] 607 17 id-cmc-revokeRequest [RFC2797] 608 18 id-cmc-regInfo [RFC2797] 609 19 id-cmc-responseInfo [RFC2797] 610 21 id-cmc-queryPending [RFC2797] 611 22 id-cmc-popLinkRandom [RFC2797] 612 23 id-cmc-popLinkWitness [RFC2797] 613 24 id-cmc-confirmCertAcceptance [RFC2797] 614 25 id-cmc-statusInfoV2 [RFC5272] 615 26 id-cmc-trustedAnchors [RFC5272] 616 27 id-cmc-authData [RFC5272] 617 28 id-cmc-batchRequests [RFC5272] 618 29 id-cmc-batchResponces [RFC5272] 619 30 id-cmc-publishCert [RFC5272] 620 31 id-cmc-modCertTemplate [RFC5272] 621 32 id-cmc-controlProcessed [RFC5272] 622 33 id-cmc-popLinkWitnessV2 [RFC5272] 623 34 id-cmc-identityProofV2 [RFC5272] 624 35 id-cmc-raIdentityWitness [RFC6402] 625 36 id-cmc-changeSubjectName [RFC6402] 626 37 id-cmc-responseBody [RFC6402] 627 99 id-cmc-glaRR [RFC5275] 629 Future updates to this table require both Specification Required and 630 Expert Review as defined in [RFC5226]. 632 3.13. Add SMI Security for PKIX CMC GLA Requests and Responses Registry 634 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC GLA 635 Requests and Responses (1.3.6.1.5.5.7.7.99)" table with three 636 columns: 638 Decimal Description References 639 ------- ------------------------------ --------------------- 640 1 id-cmc-gla-skdAlgRequest [RFC5275] 641 2 id-cmc-gla-skdAlgResponse [RFC5275] 643 Future updates to this table require both Specification Required and 644 Expert Review as defined in [RFC5226]. 646 3.14. Add SMI Security for PKIX Other Name Forms Registry 648 Within the SMI-numbers registry, add a "SMI Security for PKIX Other 649 Name Forms (1.3.6.1.5.5.7.8)" table with three columns: 651 Decimal Description References 652 ------- ------------------------------ --------------------- 653 1 id-on-personalData Reserved and Obsolete 654 2 id-on-userGroup Reserved and Obsolete 655 3 id-on-permanentIdentifier [RFC4043] 656 4 id-on-hardwareModuleName [RFC4108] 657 5 id-on-xmppAddr [RFC3920] 658 6 id-on-SIM [RFC4683] 659 7 id-on-dnsSRV [RFC4985] 661 Future updates to this table require both Specification Required and 662 Expert Review as defined in [RFC5226]. 664 3.15. Add SMI Security for PKIX Personal Data Attributes Registry 666 Within the SMI-numbers registry, add a "SMI Security for PKIX 667 Personal Data Attributes (1.3.6.1.5.5.7.9)" table with three columns: 669 Decimal Description References 670 ------- ------------------------------ --------------------- 671 1 id-pda-dateOfBirth [RFC3039] 672 2 id-pda-placeOfBirth [RFC3039] 673 3 id-pda-gender [RFC3039] 674 4 id-pda-countryOfCitizenship [RFC3039] 675 5 id-pda-countryOfResidence [RFC3039] 677 Future updates to this table require both Specification Required and 678 Expert Review as defined in [RFC5226]. 680 3.16. Add SMI Security for PKIX Attribute Certificate Attributes 681 Registry 683 Within the SMI-numbers registry, add a "SMI Security for PKIX 684 Attribute Certificate Attributes (1.3.6.1.5.5.7.10)" table with three 685 columns: 687 Decimal Description References 688 ------- ------------------------------ --------------------- 689 1 id-aca-authenticationInfo [RFC3281] 690 2 id-aca-accessIdentity [RFC3281] 691 3 id-aca-chargingIdentity [RFC3281] 692 4 id-aca-group [RFC3281] 693 5 id-aca-role Reserved and Obsolete 694 6 id-aca-encAttrs [RFC3281] 695 7 id-aca-wlanSSID [RFC4334] 697 Future updates to this table require both Specification Required and 698 Expert Review as defined in [RFC5226]. 700 3.17. Add SMI Security for PKIX Qualified Certificate Statements 701 Registry 703 Within the SMI-numbers registry, add a "SMI Security for PKIX 704 Qualified Certificate Statements (1.3.6.1.5.5.7.11)" table with three 705 columns: 707 Decimal Description References 708 ------- ------------------------------ --------------------- 709 1 id-qcs-pkixQCSyntax-v1 [RFC3039] 710 2 id-qcs-pkixQCSyntax-v2 [RFC3739] 712 Future updates to this table require both Specification Required and 713 Expert Review as defined in [RFC5226]. 715 3.18. Add SMI Security for PKIX CMC Content Types Registry 717 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 718 Content Types (1.3.6.1.5.5.7.12)" table with three columns: 720 Decimal Description References 721 ------- ------------------------------ --------------------- 722 1 id-cct-crs Reserved and Obsolete 723 2 id-cct-PKIData [RFC2797] 724 3 id-cct-PKIResponse [RFC2797] 726 Future updates to this table require both Specification Required and 727 Expert Review as defined in [RFC5226]. 729 3.19. Add SMI Security for PKIX OIDs used Only for Testing Registry 731 Within the SMI-numbers registry, add a "SMI Security for PKIX OIDs 732 used ONLY for TESTING (1.3.6.1.5.5.7.13)" table with three columns: 734 Decimal Description References 735 ------- ------------------------------ --------------------- 736 1 id-TEST-certPolicyOne [ID-Housley] 737 2 id-TEST-certPolicyTwo [ID-Housley] 738 3 id-TEST-certPolicyThree [ID-Housley] 739 4 id-TEST-certPolicyFour [ID-Housley] 740 5 id-TEST-certPolicyFive [ID-Housley] 741 6 id-TEST-certPolicySix [ID-Housley] 742 7 id-TEST-certPolicySeven [ID-Housley] 743 8 id-TEST-certPolicyEight [ID-Housley] 745 Note: The object identifiers in this table should not appear on the 746 public Internet. These object identifiers are ONLY for 747 TESTING. 749 Future updates to this table require both Specification Required and 750 Expert Review as defined in [RFC5226]. 752 3.20. Add SMI Security for PKIX Certificate Policies Registry 754 Within the SMI-numbers registry, add a "SMI Security for PKIX 755 Certificate Policies (1.3.6.1.5.5.7.14)" table with three columns: 757 Decimal Description References 758 ------- ------------------------------ --------------------- 759 1 id-cp-sbgpCertificatePolicy Reserved and Obsolete 760 2 id-cp-ipAddr-asNumber [RFC6484] 762 Future updates to this table require both Specification Required and 763 Expert Review as defined in [RFC5226]. 765 3.21. Add SMI Security for PKIX CMC Error Types Registry 767 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 768 Error Types (1.3.6.1.5.5.7.15)" table with three columns: 770 Decimal Description References 771 ------- ------------------------------ --------------------- 772 1 id-cet-skdFailInfo [RFC5275] 774 Future updates to this table require both Specification Required and 775 Expert Review as defined in [RFC5226]. 777 3.22. Add SMI Security for PKIX Revocation Information Types Registry 779 Within the SMI-numbers registry, add a "SMI Security for PKIX 780 Revocation Information Types (1.3.6.1.5.5.7.16)" table with three 781 columns: 783 Decimal Description References 784 ------- ------------------------------ --------------------- 785 1 id-ri-crl [RFC5940] 786 2 id-ri-ocsp-response [RFC5940] 787 3 id-ri-delta-crl [RFC5940] 788 4 id-ri-scvp [RFC5940] 790 Future updates to this table require both Specification Required and 791 Expert Review as defined in [RFC5226]. 793 3.23. Add SMI Security for PKIX SCVP Check Types Registry 795 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 796 Check Types (1.3.6.1.5.5.7.17)" table with three columns: 798 Decimal Description References 799 ------- ------------------------------ --------------------- 800 1 id-stc-build-pkc-path [RFC5055] 801 2 id-stc-build-valid-pkc-path [RFC5055] 802 3 id-stc-build-status-checked-pkc-path [RFC5055] 803 4 id-stc-build-aa-path [RFC5055] 804 5 id-stc-build-valid-aa-path [RFC5055] 805 6 id-stc-build-status-checked-aa-path [RFC5055] 806 7 id-stc-status-check-ac-and-build-status-checked-aa-path 807 [RFC5055] 809 Future updates to this table require both Specification Required and 810 Expert Review as defined in [RFC5226]. 812 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry 814 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 815 Want Back Types (1.3.6.1.5.5.7.18)" table with three columns: 817 Decimal Description References 818 ------- ------------------------------ --------------------- 819 1 id-swb-pkc-cert-path [RFC5055] 820 2 id-swb-pkc-revocation-info [RFC5055] 821 3 id-swb-pkc-cert-status Reserved and Obsolete 822 4 id-swb-pkc-public-key-info [RFC5055] 823 5 id-swb-aa-cert-path [RFC5055] 824 6 id-swb-aa-revocation-info [RFC5055] 825 7 id-swb-ac-revocation-info [RFC5055] 826 8 id-swb-ac-cert-status Reserved and Obsolete 827 9 id-swb-relayed-responses [RFC5055] 828 10 id-swb-pkc-cert [RFC5055] 829 11 id-swb-ac-cert [RFC5055] 830 12 id-swb-pkc-all-cert-paths [RFC5055] 831 13 id-swb-pkc-ee-revocation-info [RFC5055] 832 14 id-swb-pkc-ca-revocation-info [RFC5055] 833 15 id-swb-partial-cert-path [RFC5276] 834 16 id-swb-ers-pkc-cert [RFC5276] 835 17 id-swb-ers-best-cert-path [RFC5276] 836 18 id-swb-ers-partial-cert-path [RFC5276] 837 19 id-swb-ers-revocation-info [RFC5276] 838 20 id-swb-ers-all [RFC5276] 840 Future updates to this table require both Specification Required and 841 Expert Review as defined in [RFC5226]. 843 3.25. Add SMI Security for PKIX SCVP Validation Policies and Algorithms 844 Registry 846 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 847 Validation Policies and Algorithms (1.3.6.1.5.5.7.19)" table with 848 three columns: 850 Decimal Description References 851 ------- ------------------------------ --------------------- 852 1 id-svp-defaultValPolicy [RFC5055] 853 2 id-svp-nameValAlg [RFC5055] 854 3 id-svp-basicValAlg [RFC5055] 855 4 id-svp-dnValAlg [RFC5055] 857 Note: id-svp-nameValAlg is also known as id-nvae. 859 Note: id-svp-basicValAlg is also known as id-bvae. 861 Note: id-svp-dnValAlg is also known as id-dnvae. 863 Future updates to this table require both Specification Required and 864 Expert Review as defined in [RFC5226]. 866 3.26. Add SMI Security for PKIX SCVP Name Validation Policy Errors 867 Registry 869 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 870 Name Validation Policy Errors (1.3.6.1.5.5.7.19.2)" table with three 871 columns: 873 Decimal Description References 874 ------- ------------------------------ --------------------- 875 1 id-nvae-nameMismatch [RFC5055] 876 2 id-nvae-noCertName [RFC5055] 877 3 id-nvae-unknownPupose [RFC5055] 878 4 id-nvae-badName [RFC5055] 879 5 id-nvae-badNameType [RFC5055] 880 6 id-nvae-mixedNames [RFC5055] 882 Future updates to this table require both Specification Required and 883 Expert Review as defined in [RFC5226]. 885 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy Errors 886 Registry 888 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 889 Basic Validation Policy Errors (1.3.6.1.5.5.7.19.3)" table with three 890 columns: 892 Decimal Description References 893 ------- ------------------------------ --------------------- 894 1 id-bvae-expired [RFC5055] 895 2 id-bvae-notYetValid [RFC5055] 896 3 id-bvae-wrongTrustAnchor [RFC5055] 897 4 id-bvae-noValidCertPath [RFC5055] 898 5 id-bvae-revoked [RFC5055] 899 9 id-bvae-invalidKeyPurpose [RFC5055] 900 10 id-bvae-invalidKeyUsage [RFC5055] 901 11 id-bvae-invalidCertPolicy [RFC5055] 902 12 id-bvae-invalidName Reserved and Obsolete 903 13 id-bvae-invalidEntity Reserved and Obsolete 904 14 id-bvae-invalidPathDepth Reserved and Obsolete 906 Future updates to this table require both Specification Required and 907 Expert Review as defined in [RFC5226]. 909 3.28. Add SMI Security for PKIX SCVP Distinguished Name Validation 910 Policy Errors Registry 912 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 913 Distinguished Name Validation Policy Errors (1.3.6.1.5.5.7.19.4)" 914 table with three columns: 916 Decimal Description References 917 ------- ------------------------------ --------------------- 919 Note: This table is currently empty. 921 Future updates to this table require both Specification Required and 922 Expert Review as defined in [RFC5226]. 924 3.29. Add SMI Security for PKIX Other Logotype Identifiers Registry 926 Within the SMI-numbers registry, add a "SMI Security for PKIX Other 927 Logotype Identifiers (1.3.6.1.5.5.7.20)" table with three columns: 929 Decimal Description References 930 ------- ------------------------------ --------------------- 931 1 id-logo-loyalty [RFC3709] 932 2 id-logo-background [RFC3709] 933 3 id-logo-certImage [RFC6170] 935 Future updates to this table require both Specification Required and 936 Expert Review as defined in [RFC5226]. 938 3.30. Add SMI Security for PKIX Proxy Certificate Policy Languages 939 Registry 941 Within the SMI-numbers registry, add a "SMI Security for PKIX Proxy 942 Certificate Policy Languages (1.3.6.1.5.5.7.21)" table with three 943 columns: 945 Decimal Description References 946 ------- ------------------------------ --------------------- 947 1 id-ppl-anyLanguage [RFC3820] 948 2 id-ppl-inheritAll [RFC3820] 949 3 id-ppl-independent [RFC3820] 951 Future updates to this table require both Specification Required and 952 Expert Review as defined in [RFC5226]. 954 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry 956 Within the SMI-numbers registry, add a "SMI Security for PKIX 957 Matching Rules (1.3.6.1.5.5.7.22)" table with three columns: 959 Decimal Description References 960 ------- ------------------------------ --------------------- 961 1 id-mr-pkix-alphanum-ids [RFC2985] 963 Future updates to this table require both Specification Required and 964 Expert Review as defined in [RFC5226]. 966 3.32. Add SMI Security for PKIX Subject Key Identifier Semantics 967 Registry 969 Within the SMI-numbers registry, add a "SMI Security for PKIX Subject 970 Key Identifier Semantics (1.3.6.1.5.5.7.23)" table with three 971 columns: 973 Decimal Description References 974 ------- ------------------------------ --------------------- 975 1 id-skis-keyHash Reserved and Obsolete 976 2 id-skis-4BitKeyHash Reserved and Obsolete 977 3 id-skis-keyInfoHash Reserved and Obsolete 979 Future updates to this table require both Specification Required and 980 Expert Review as defined in [RFC5226]. 982 3.33. Add SMI Security for PKIX Access Descriptor Registry 984 Within the SMI-numbers registry, add a "SMI Security for PKIX Access 985 Descriptors for the Authority Information Access Extension 986 (1.3.6.1.5.5.7.48)" table with three columns: 988 Decimal Description References 989 ------- ------------------------------ --------------------- 990 1 id-ad-ocsp [RFC2459] 991 2 id-ad-caIssuers [RFC2459] 992 3 id-ad-timestamping [RFC3161] 993 4 id-ad-dvcs [RFC3029] 994 5 id-ad-caRepository [RFC3280] 995 6 id-ad-http-certs [RFC4387] 996 7 id-ad-http-crls [RFC4387] 997 8 id-ad-xkms Reserved and Obsolete 998 9 id-ad-signedObjectRepository Reserved and Obsolete 999 10 id-ad-rpkiManifest [RFC6487] 1000 11 id-ad-signedObject [RFC6487] 1001 12 id-ad-cmc [RFC6402] 1003 Note: id-ad-ocsp is also known as id-pkix-ocsp. 1005 Future updates to this table require both Specification Required and 1006 Expert Review as defined in [RFC5226]. 1008 3.34. Add SMI Security for PKIX OCSP Registry 1010 Within the SMI-numbers registry, add a "SMI Security for PKIX Online 1011 Certificate Status Protocol (OCSP) (1.3.6.1.5.5.7.48.1)" table with 1012 three columns: 1014 Decimal Description References 1015 ------- ------------------------------ --------------------- 1016 1 id-pkix-ocsp-basic [RFC2560] 1017 2 id-pkix-ocsp-nonce [RFC2560] 1018 3 id-pkix-ocsp-crl [RFC2560] 1019 4 id-pkix-ocsp-response [RFC2560] 1020 5 id-pkix-ocsp-nocheck [RFC2560] 1021 6 id-pkix-ocsp-archive-cutoff [RFC2560] 1022 7 id-pkix-ocsp-service-locator [RFC2560] 1023 8 id-pkix-ocsp-pref-sig-algs [RFC6277] 1024 9 id-pkix-ocsp-extended-revoke [RFC6960] 1026 Future updates to this table require both Specification Required and 1027 Expert Review as defined in [RFC5226]. 1029 4. Security Considerations 1031 This document populates an IANA registry, and it raises no new 1032 security considerations. The protocols that specify these values 1033 include the security considerations associated with their usage. 1035 5. References 1037 5.1. Normative References 1039 [ASN1-88] International Telephone and Telegraph Consultative 1040 Committee, "Specification of Abstract Syntax Notation One 1041 (ASN.1)", CCITT Recommendation X.208, 1988. 1043 [ASN1-97] International Telecommunications Union, "Abstract Syntax 1044 Notation One (ASN.1): Specification of basic notation", 1045 ITU-T Recommendation X.680, 1997. 1047 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1048 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1049 May 2008. 1051 5.2. Informative References 1053 [Err3860] Errata for RFC 6402. 1054 [http://www.rfc-editor.org/errata_search.php?eid=3860] 1056 [ID-Abley] Abley, J., J. Schlyter, and G. Bailey, "DNSSEC Trust 1057 Anchor Publication for the Root Zone", Work in Progress, 1058 December 2013. 1059 [draft-jabley-dnssec-trust-anchor-08] 1061 [ID-Housley] Housley, R., "Object Identifiers for Test Certificate 1062 Policies", Work in Progress, January 2014. 1063 [draft-housley-pkix-test-oids-00] 1065 [RFC2459] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet 1066 X.509 Public Key Infrastructure Certificate and CRL 1067 Profile", RFC 2459, January 1999. 1069 [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key 1070 Infrastructure Certificate Management Protocols", 1071 RFC 2510, March 1999. 1073 [RFC2511] Myers, M., Adams, C., Solo, D., and D. Kemp, "Internet 1074 X.509 Certificate Request Message Format", RFC 2511, March 1075 1999. 1077 [RFC2528] Housley, R. and W. Polk, "Internet X.509 Public Key 1078 Infrastructure Representation of Key Exchange Algorithm 1079 (KEA) Keys in Internet X.509 Public Key Infrastructure 1080 Certificates", RFC 2528, March 1999. 1082 [RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. 1083 Adams, "X.509 Internet Public Key Infrastructure Online 1084 Certificate Status Protocol - OCSP", RFC 2560, June 1999. 1086 [RFC2797] Myers, M., Liu, X., Schaad, J., and J. Weinstein, 1087 "Certificate Management Messages over CMS", RFC 2797, 1088 April 2000. 1090 [RFC2875] Prafullchandra, H. and J. Schaad, "Diffie-Hellman Proof- 1091 of-Possession Algorithms", RFC 2875, July 2000. 1093 [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object 1094 Classes and Attribute Types Version 2.0", RFC 2985, 1095 November 2000. 1097 [RFC3029] Adams, C., Sylvester, P., Zolotarev, M., and R. 1098 Zuccherato, "Internet X.509 Public Key Infrastructure Data 1099 Validation and Certification Server Protocols", RFC 3029, 1100 February 2001. 1102 [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, 1103 "Internet X.509 Public Key Infrastructure Time-Stamp 1104 Protocol (TSP)", RFC 3161, August 2001. 1106 [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and 1107 Identifiers for the Internet X.509 Public Key 1108 Infrastructure Certificate and Certificate Revocation List 1109 (CRL) Profile", RFC 3279, April 2002. 1111 [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet 1112 X.509 Public Key Infrastructure Certificate and 1113 Certificate Revocation List (CRL) Profile", RFC 3280, 1114 April 2002. 1116 [RFC3281] Farrell, S. and R. Housley, "An Internet Attribute 1117 Certificate Profile for Authorization", RFC 3281, April 1118 2002. 1120 [RFC3709] Santesson, S., Housley, R., and T. Freeman, "Internet 1121 X.509 Public Key Infrastructure: Logotypes in X.509 1122 Certificates", RFC 3709, February 2004. 1124 [RFC3739] Santesson, S., Nystrom, M., and T. Polk, "Internet X.509 1125 Public Key Infrastructure: Qualified Certificates 1126 Profile", RFC 3739, March 2004. 1128 [RFC3770] Housley, R. and T. Moore, "Certificate Extensions and 1129 Attributes Supporting Authentication in Point-to-Point 1130 Protocol (PPP) and Wireless Local Area Networks (WLAN)", 1131 RFC 3770, May 2004. 1133 [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP 1134 Addresses and AS Identifiers", RFC 3779, June 2004. 1136 [RFC3820] Tuecke, S., Welch, V., Engert, D., Pearlman, L., and M. 1137 Thompson, "Internet X.509 Public Key Infrastructure (PKI) 1138 Proxy Certificate Profile", RFC 3820, June 2004. 1140 [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence 1141 Protocol (XMPP): Core", RFC 3920, October 2004. 1143 [RFC4043] Pinkas, D. and T. Gindin, "Internet X.509 Public Key 1144 Infrastructure Permanent Identifier", RFC 4043, May 2005. 1146 [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional 1147 Algorithms and Identifiers for RSA Cryptography for use in 1148 the Internet X.509 Public Key Infrastructure Certificate 1149 and Certificate Revocation List (CRL) Profile", RFC 4055, 1150 June 2005. 1152 [RFC4059] Linsenbardt, D., Pontius, S., and A. Sturgeon, "Internet 1153 X.509 Public Key Infrastructure Warranty Certificate 1154 Extension", RFC 4059, May 2005. 1156 [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to 1157 Protect Firmware Packages", RFC 4108, August 2005. 1159 [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, 1160 "Internet X.509 Public Key Infrastructure Certificate 1161 Management Protocol (CMP)", RFC 4210, September 2005. 1163 [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) 1164 Protocol", RFC 4306, December 2005. 1166 [RFC4334] Housley, R. and T. Moore, "Certificate Extensions and 1167 Attributes Supporting Authentication in Point-to-Point 1168 Protocol (PPP) and Wireless Local Area Networks (WLAN)", 1169 RFC 4334, February 2006. 1171 [RFC4387] Gutmann, P., Ed., "Internet X.509 Public Key 1172 Infrastructure Operational Protocols: Certificate Store 1173 Access via HTTP", RFC 4387, February 2006. 1175 [RFC4476] Francis, C. and D. Pinkas, "Attribute Certificate (AC) 1176 Policies Extension", RFC 4476, May 2006. 1178 [RFC4683] Park, J., Lee, J., . Lee, H., Park, S., and T. Polk, 1179 "Internet X.509 Public Key Infrastructure Subject 1180 Identification Method (SIM)", RFC 4683, October 2006. 1182 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1183 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1185 [RFC5055] Freeman, T., Housley, R., Malpani, A., Cooper, D., and W. 1186 Polk, "Server-Based Certificate Validation Protocol 1187 (SCVP)", RFC 5055, December 2007. 1189 [RFC5272] Schaad, J. and M. Myers, "Certificate Management over CMS 1190 (CMC)", RFC 5272, June 2008. 1192 [RFC5275] Turner, S., "CMS Symmetric Key Management and 1193 Distribution", RFC 5275, June 2008. 1195 [RFC5276] Wallace, C., "Using the Server-Based Certificate 1196 Validation Protocol (SCVP) to Convey Long-Term Evidence 1197 Records", RFC 5276, August 2008. 1199 [RFC5415] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley, 1200 Ed., "Control And Provisioning of Wireless Access Points 1201 (CAPWAP) Protocol Specification", RFC 5415, March 2009. 1203 [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, 1204 "Elliptic Curve Cryptography Subject Public Key 1205 Information", RFC 5480, March 2009. 1207 [RFC5697] Farrell, S., "Other Certificates Extension", RFC 5697, 1208 November 2009. 1210 [RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet 1211 Attribute Certificate Profile for Authorization", 1212 RFC 5755, January 2010. 1214 [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the 1215 Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, 1216 June 2010. 1218 [RFC5913] Turner, S. and S. Chokhani, "Clearance Attribute and 1219 Authority Clearance Constraints Certificate Extension", 1220 RFC 5913, June 2010. 1222 [RFC5915] Turner, S. and D. Brown, "Elliptic Curve Private Key 1223 Structure", RFC 5915, June 2010. 1225 [RFC5924] Lawrence, S. and V. Gurbani, "Extended Key Usage (EKU) for 1226 Session Initiation Protocol (SIP) X.509 Certificates", 1227 RFC 5924, June 2010. 1229 [RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor 1230 Management Protocol (TAMP)", RFC 5934, August 2010. 1232 [RFC5940] Turner, S. and R. Housley, "Additional Cryptographic 1233 Message Syntax (CMS) Revocation Information Choices", 1234 RFC 5940, August 2010. 1236 [RFC6010] Housley, R., Ashmore, S., and C. Wallace, "Cryptographic 1237 Message Syntax (CMS) Content Constraints Extension", 1238 RFC 6010, September 2010. 1240 [RFC6170] Santesson, S., Housley, R., Bajaj, S., and L. Rosenthol, 1241 "Internet X.509 Public Key Infrastructure -- Certificate 1242 Image", RFC 6170, May 2011. 1244 [RFC6187] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure 1245 Shell Authentication", RFC 6187, March 2011. 1247 [RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules 1248 for the Cryptographic Message Syntax (CMS) and the Public 1249 Key Infrastructure Using X.509 (PKIX)", RFC 6268, July 1250 2011. 1252 [RFC6277] Santesson, S. and P. Hallam-Baker, "Online Certificate 1253 Status Protocol Algorithm Agility", RFC 6277, June 2011. 1255 [RFC6402] Schaad, J., "Certificate Management over CMS (CMC) 1256 Updates", RFC 6402, November 2011. 1258 [RFC6484] Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate 1259 Policy (CP) for the Resource Public Key Infrastructure 1260 (RPKI)", BCP 173, RFC 6484, February 2012. 1262 [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for 1263 X.509 PKIX Resource Certificates", RFC 6487, February 1264 2012. 1266 [RFC6494] Gagliano, R., Krishnan, S., and A. Kukec, "Certificate 1267 Profile and Certificate Management for SEcure Neighbor 1268 Discovery (SEND)", RFC 6494, February 2012. 1270 [RFC6664] Schaad, J., "S/MIME Capabilities for Public Key 1271 Definitions", RFC 6664, July 2012. 1273 [RFC6955] Schaad, J. and H. Prafullchandra, "Diffie-Hellman Proof- 1274 of-Possession Algorithms", RFC 6955, May 2013. 1276 [RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A., 1277 Galperin, S., and C. Adams, "X.509 Internet Public Key 1278 Infrastructure Online Certificate Status Protocol - OCSP", 1279 RFC 6960, June 2013. 1281 Acknowledgements 1283 Many thanks to David Cooper, Jim Schaad, and Sean Turner for their 1284 careful review and comments. 1286 Author's Address 1288 Russ Housley 1289 918 Spring Knoll Drive 1290 Herndon, VA 20170 1291 USA 1292 EMail: housley@vigilsec.com