idnits 2.17.00 (12 Aug 2021) /tmp/idnits54821/draft-housley-pkix-oids-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (3 February 2014) is 3029 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: draft-jabley-dnssec-trust-anchor has been published as RFC 7958 == Outdated reference: draft-ietf-sidr-bgpsec-pki-profiles has been published as RFC 8209 == Outdated reference: draft-housley-pkix-test-oids has been published as RFC 7229 -- Obsolete informational reference (is this intentional?): RFC 2459 (Obsoleted by RFC 3280) -- Obsolete informational reference (is this intentional?): RFC 2510 (Obsoleted by RFC 4210) -- Obsolete informational reference (is this intentional?): RFC 2511 (Obsoleted by RFC 4211) -- Obsolete informational reference (is this intentional?): RFC 2560 (Obsoleted by RFC 6960) -- Obsolete informational reference (is this intentional?): RFC 2797 (Obsoleted by RFC 5272) -- Obsolete informational reference (is this intentional?): RFC 2875 (Obsoleted by RFC 6955) -- Obsolete informational reference (is this intentional?): RFC 3039 (Obsoleted by RFC 3739) -- Obsolete informational reference (is this intentional?): RFC 3280 (Obsoleted by RFC 5280) -- Obsolete informational reference (is this intentional?): RFC 3281 (Obsoleted by RFC 5755) -- Obsolete informational reference (is this intentional?): RFC 3770 (Obsoleted by RFC 4334) -- Obsolete informational reference (is this intentional?): RFC 3920 (Obsoleted by RFC 6120) -- Obsolete informational reference (is this intentional?): RFC 4306 (Obsoleted by RFC 5996) -- Obsolete informational reference (is this intentional?): RFC 6277 (Obsoleted by RFC 6960) -- Duplicate reference: RFC6402, mentioned in 'RFC6402', was also mentioned in 'Err3860'. Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 15 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT R. Housley 3 Intended Status: Informational Vigil Security 4 Expires: 3 August 2014 3 February 2014 6 Object Identifier Registry for the PKIX Working Group 7 9 Abstract 11 When the Public-Key Infrastructure using X.509 (PKIX) Working Group 12 was chartered, an object identifier arc was was allocated by IANA for 13 use by that working group. This document describes the object 14 identifiers that were assigned in that arc, it returns control of 15 that arc to IANA, and it establishes IANA allocation policies for any 16 future assignments within that arc. 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF), its areas, and its working groups. Note that 25 other groups may also distribute working documents as 26 Internet-Drafts. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/1id-abstracts.html 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html 39 Copyright and License Notice 41 Copyright (c) 2014 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 2. Subordinate Object Identifier Arcs . . . . . . . . . . . . . . 4 58 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 59 3.1. Update to SMI Security for Mechanism Codes Registry . . . 6 60 3.2. Add SMI Security for PKIX Registry . . . . . . . . . . . . 7 61 3.3. Add SMI Security for PKIX Module Identifier Registry . . . 7 62 3.4. Add SMI Security for PKIX Certificate Extension Registry . 9 63 3.5. Add SMI Security for PKIX Policy Qualifier Registry . . . 10 64 3.6. Add SMI Security for PKIX Extended Key Purpose Registry . 10 65 3.7. Add SMI Security for PKIX CMP Information Types Registry . 11 66 3.8. Add SMI Security for PKIX CRMF Registration Registry . . . 12 67 3.9. Add SMI Security for PKIX CRMF Registration Controls 68 Registry . . . . . . . . . . . . . . . . . . . . . . . . . 12 69 3.10. Add SMI Security for PKIX CRMF Registration Information 70 Registry . . . . . . . . . . . . . . . . . . . . . . . . 13 71 3.11. Add SMI Security for PKIX Algorithms Registry . . . . . . 13 72 3.12. Add SMI Security for PKIX CMC Controls Registry . . . . . 14 73 3.13. Add SMI Security for PKIX CMC GLA Requests and 74 Responses Registry . . . . . . . . . . . . . . . . . . . 15 75 3.14. Add SMI Security for PKIX Other Name Forms Registry . . . 15 76 3.15. Add SMI Security for PKIX Personal Data Attributes 77 Registry . . . . . . . . . . . . . . . . . . . . . . . . 15 78 3.16. Add SMI Security for PKIX Attribute Certificate 79 Attributes Registry . . . . . . . . . . . . . . . . . . . 16 80 3.17. Add SMI Security for PKIX Qualified Certificate 81 Statements Registry . . . . . . . . . . . . . . . . . . . 16 82 3.18. Add SMI Security for PKIX CMC Content Types Registry . . 16 83 3.19. Add SMI Security for PKIX OIDs used Only for Testing 84 Registry . . . . . . . . . . . . . . . . . . . . . . . . 17 85 3.20. Add SMI Security for PKIX Certificate Policies Registry . 17 86 3.21. Add SMI Security for PKIX CMC Error Types Registry . . . 17 87 3.22. Add SMI Security for PKIX Revocation Information Types 88 Registry . . . . . . . . . . . . . . . . . . . . . . . . 18 90 3.23. Add SMI Security for PKIX SCVP Check Types Registry . . . 18 91 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry . 18 92 3.25. Add SMI Security for PKIX SCVP Validation Policies and 93 Algorithms Registry . . . . . . . . . . . . . . . . . . . 19 94 3.26. Add SMI Security for PKIX SCVP Name Validation Policy 95 Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 96 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy 97 Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 98 3.28. Add SMI Security for PKIX SCVP Distinguished Name 99 Validation Policy Errors Registry . . . . . . . . . . . . 21 100 3.29. Add SMI Security for PKIX Other Logotype Identifiers 101 Registry . . . . . . . . . . . . . . . . . . . . . . . . 21 102 3.30. Add SMI Security for PKIX Proxy Certificate Policy 103 Languages Registry . . . . . . . . . . . . . . . . . . . 21 104 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry . 22 105 3.32. Add SMI Security for PKIX Subject Key Identifier 106 Semantics Registry . . . . . . . . . . . . . . . . . . . 22 107 3.33. Add SMI Security for PKIX Access Descriptor Registry . . 22 108 3.34. Add SMI Security for PKIX OCSP Registry . . . . . . . . . 23 109 4. Security Considerations . . . . . . . . . . . . . . . . . . . 23 110 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 111 5.1. Normative References . . . . . . . . . . . . . . . . . . . 23 112 5.2. Informative References . . . . . . . . . . . . . . . . . . 24 113 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 29 114 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 30 116 1. Introduction 118 When the Public-Key Infrastructure using X.509 (PKIX) Working Group 119 was chartered, an object identifier arc was was allocated by IANA for 120 use by that working group. These object identifiers are primarily 121 used with Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97]. 122 The ASN.1 specifications continue to evolve, but object identifiers 123 can be used with any and all versions of ASN.1. 125 The PKIX object identifier arc is: 127 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) 128 dod(6) internet(1) security(5) mechanisms(5) pkix(7) } 130 This document describes the object identifiers that were assigned in 131 the PKIX arc, it returns control of the PKIX arc to IANA, and it 132 establishes IANA allocation policies for any future assignments 133 within the PKIX arc. 135 2. Subordinate Object Identifier Arcs 137 Twenty-five subordinate object identifier arcs were used, numbered 138 from 0 to 23 and 48. In addition, seven of these arcs include 139 further subordinate arcs. They were assigned as follows: 141 -- ASN.1 modules 142 id-mod OBJECT IDENTIFIER ::= { id-pkix 0 } 144 -- PKIX certificate extensions 145 id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 147 -- Policy qualifier types 148 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 150 -- Extended key purpose identifiers 151 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } 153 -- CMP information types 154 id-it OBJECT IDENTIFIER ::= { id-pkix 4 } 156 -- CRMF registration 157 id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 } 159 -- CRMF registration controls 160 id-regCtrl OBJECT IDENTIFIER ::= { id-pkix 5 1 } 162 -- CRMF registration information 163 id-regInfo OBJECT IDENTIFIER ::= { id-pkix 5 2 } 164 -- Algorithms 165 id-alg OBJECT IDENTIFIER ::= { id-pkix 6 } 167 -- CMC controls 168 id-cmc OBJECT IDENTIFIER ::= { id-pkix 7 } 170 -- CMC GLA Requests and Responses 171 id-cmc-glaRR OBJECT IDENTIFIER ::= { id-pkix 7 99 } 173 -- Other name forms 174 id-on OBJECT IDENTIFIER ::= { id-pkix 8 } 176 -- Personal data attribute 177 id-pda OBJECT IDENTIFIER ::= { id-pkix 9 } 179 -- Attribute certificate attributes 180 id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } 182 -- Qualified certificate statements 183 id-qcs OBJECT IDENTIFIER ::= { id-pkix 11 } 185 -- CMC content types 186 id-cct OBJECT IDENTIFIER ::= { id-pkix 12 } 188 -- OIDs for TESTING ONLY 189 id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 } 191 -- Certificate policies 192 id-cp OBJECT IDENTIFIER ::= { id-pkix 14 } 194 -- CMC error types 195 id-cet OBJECT IDENTIFIER ::= { id-pkix 15 } 197 -- Revocation information types 198 id-ri OBJECT IDENTIFIER ::= { id-pkix 16 } 200 -- SCVP check type 201 id-sct OBJECT IDENTIFIER ::= { id-pkix 17 } 203 -- SCVP want back types 204 id-swb OBJECT IDENTIFIER ::= { id-pkix 18 } 206 -- SCVP validation policies 207 id-svp OBJECT IDENTIFIER ::= { id-pkix 19 } 209 -- SCVP name validation policy errors 210 id-nvae OBJECT IDENTIFIER ::= { id-pkix 19 2 } 211 -- SCVP basic validation policy errors 212 id-bvae OBJECT IDENTIFIER ::= { id-pkix 19 3 } 214 -- SCVP distinguished name validation policy errors 215 id-dnvae OBJECT IDENTIFIER ::= { id-pkix 19 4 } 217 -- Other logotype identifiers 218 id-logo OBJECT IDENTIFIER ::= { id-pkix 20 } 220 -- Proxy certificate policy languages 221 id-ppl OBJECT IDENTIFIER ::= { id-pkix 21 } 223 -- Matching rules 224 id-mr OBJECT IDENTIFIER ::= { id-pkix 22 } 226 -- Subject key identifier semantics 227 id-skis OBJECT IDENTIFIER ::= { id-pkix 23 } 229 -- Access descriptors 230 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } 232 -- Online Certificate Status Protocol 233 id-pkix-ocsp OBJECT IDENTIFIER ::= { id-pkix 48 1 } 235 The values assigned in each of these subordinate object identifier 236 arcs are discussed in the next section. 238 3. IANA Considerations 240 IANA is asked to update one registry table and create 31 additional 241 tables. 243 Updates to the new tables require both Specification Required and 244 Expert Review as defined in [RFC5226]. The expert is expected to 245 ensure that any new values are strongly related to the work that was 246 done by the PKIX Working Group. That is, additional object 247 identifiers are to be related to X.509 certificate, X.509 attribute 248 certificates, X.509 certificate revocation lists (CRLs), or protocols 249 associated with them. Object identifiers for other purposes should 250 not be assigned in this arc. 252 3.1. Update to SMI Security for Mechanism Codes Registry 254 Please update the reference in the Public-Key Infrastructure using 255 X.509 (PKIX) entry (decimal value 7) to points to this document. 257 3.2. Add SMI Security for PKIX Registry 259 Within the SMI-numbers registry, add a "PKIX (1.3.6.1.5.5.7)" table 260 with three columns: 262 Decimal Description References 263 ------- -------------------------------------- ---------- 264 0 Module identifiers {This RFC} 265 1 PKIX certificate extensions {This RFC} 266 2 Policy qualifier types {This RFC} 267 3 Extended key purpose identifiers {This RFC} 268 4 CMP information types {This RFC} 269 5 CRMF registration {This RFC} 270 6 Algorithms {This RFC} 271 7 CMC controls {This RFC} 272 8 Other name forms {This RFC} 273 9 Personal data attribute {This RFC} 274 10 Attribute certificate attributes {This RFC} 275 11 Qualified certificate statements {This RFC} 276 12 CMC content types {This RFC} 277 13 OIDs for TESTING ONLY {This RFC} 278 14 Certificate policies {This RFC} 279 15 CMC error types {This RFC} 280 16 Revocation information types {This RFC} 281 17 SCVP check type {This RFC} 282 18 SCVP want back types {This RFC} 283 19 SCVP validation policies {This RFC} 284 20 Other logotype identifiers {This RFC} 285 21 Proxy certificate policy languages {This RFC} 286 22 Matching rules {This RFC} 287 23 Subject key identifier semantics {This RFC} 288 48 Access descriptors {This RFC} 290 Future updates to this table require both Specification Required and 291 Expert Review as defined in [RFC5226]. 293 3.3. Add SMI Security for PKIX Module Identifier Registry 295 Within the SMI-numbers registry, add a "SMI Security for PKIX Module 296 Identifier (1.3.6.1.5.5.7.0)" table with three columns: 298 Decimal Description References 299 ------- ------------------------------- --------------------- 300 1 id-pkix1-explicit-88 [RFC2459] 301 2 id-pkix1-implicit-88 [RFC2459] 302 3 id-pkix1-explicit-93 [RFC2459] 303 4 id-pkix1-implicit-93 [RFC2459] 304 5 id-mod-crmf [RFC2511] 305 6 id-mod-cmc [RFC2797] 306 7 id-mod-kea-profile-88 [RFC2528] 307 8 id-mod-kea-profile-93 [RFC2528] 308 9 id-mod-cmp [RFC2510] 309 10 id-mod-qualified-cert-88 [RFC3039] 310 11 id-mod-qualified-cert-93 [RFC3039] 311 12 id-mod-attribute-cert [RFC3281] 312 13 id-mod-tsp [RFC3161] 313 14 id-mod-ocsp [RFC3029] 314 15 id-mod-dvcs [RFC3029] 315 16 id-mod-cmp2000 [RFC4210] 316 17 id-mod-pkix1-algorithms [RFC3279] 317 18 id-mod-pkix1-explicit [RFC3280] 318 19 id-mod-pkix1-implicit [RFC3280] 319 20 id-mod-user-group Reserved and Obsolete 320 21 id-mod-scvp [RFC5055] 321 22 id-mod-logotype [RFC3709] 322 23 id-mod-cmc2002 [RFC5272] 323 24 id-mod-wlan-extns [RFC3770] 324 25 id-mod-proxy-cert-extns [RFC3820] 325 26 id-mod-ac-policies [RFC4476] 326 27 id-mod-warranty-extn [RFC4059] 327 28 id-mod-perm-id-88 [RFC4043] 328 29 id-mod-perm-id-93 [RFC4043] 329 30 id-mod-ip-addr-and-as-ident [RFC3779] 330 31 id-mod-qualified-cert [RFC3739] 331 32 id-mod-crmf2003 Reserved and Obsolete 332 33 id-mod-pkix1-rsa-pkalgs [RFC4055] 333 34 id-mod-cert-bundle [RFC4306] 334 35 id-mod-qualified-cert-97 [RFC3739] 335 36 id-mod-crmf2005 [RFC4210] 336 37 id-mod-wlan-extns2005 [RFC4334] 337 38 id-mod-sim2005 [RFC4683] 338 39 id-mod-dns-srv-name-88 [RFC4985] 339 40 id-mod-dns-srv-name-93 [RFC4985] 340 41 id-mod-cmsContentConstr-88 [RFC6010] 341 42 id-mod-cmsContentConstr-93 [RFC6010] 342 43 id-mod-pkixCommon Reserved and Obsolete 343 44 id-mod-pkixOtherCerts [RFC5697] 344 45 id-mod-pkix1-algorithms2008 [RFC5480] 345 46 id-mod-clearanceConstraints [RFC5913] 346 47 id-mod-attribute-cert-02 [RFC5912] 347 48 id-mod-ocsp-02 [RFC5912] 348 49 id-mod-v1AttrCert-02 [RFC5912] 349 50 id-mod-cmp2000-02 [RFC5912] 350 51 id-mod-pkix1-explicit-02 [RFC5912] 351 52 id-mod-scvp-02 [RFC5912] 352 53 id-mod-cmc2002-02 [RFC5912] 353 54 id-mod-pkix1-rsa-pkalgs-02 [RFC5912] 354 55 id-mod-crmf2005-02 [RFC5912] 355 56 id-mod-pkix1-algorithms2008-02 [RFC5912] 356 57 id-mod-pkixCommon-02 [RFC5912] 357 58 id-mod-algorithmInformation-02 [RFC5912] 358 59 id-mod-pkix1-implicit-02 [RFC5912] 359 60 id-mod-pkix1-x400address-02 [RFC5912] 360 61 id-mod-attribute-cert-v2 [RFC5755] 361 62 id-mod-sip-domain-extns2007 [RFC5924] 362 63 id-mod-cms-otherRIs-2009-88 [RFC5940] 363 64 id-mod-cms-otherRIs-2009-93 [RFC5940] 364 65 id-mod-ecprivatekey [RFC5915] 365 66 id-mod-ocsp-agility-2009-93 [RFC6277] 366 67 id-mod-ocsp-agility-2009-88 [RFC6277] 367 68 id-mod-logotype-certimage [RFC6170] 368 69 id-mod-pkcs10-2009 [RFC5912] 369 70 id-mod-dns-resource-record [ID-Abley] 370 71 id-mod-send-cert-extns [RFC6494] 371 72 id-mod-ip-addr-and-as-ident-2 [RFC6268] 372 73 id-mod-wlan-extns-2 [RFC6268] 373 74 id-mod-hmac [RFC6268] 374 75 id-mod-enrollMsgSyntax-2011-88 [RFC6402][Err3860] 375 76 id-mod-enrollMsgSyntax-2011-08 [RFC6402] 376 77 id-mod-pubKeySMIMECaps-88 [RFC6664] 377 78 id-mod-pubKeySMIMECaps-08 [RFC6664] 378 79 id-mod-dhSign-2012-88 [RFC6955] 379 80 id-mod-dhSign-2012-08 [RFC6955] 380 81 id-mod-ocsp-2013-88 [RFC6960] 381 82 id-mod-ocsp-2013-08 [RFC6960] 382 83 id-mod-TEST-certPolicies [ID-Housley] 383 84 id-mod-bgpsec-eku [ID-BGPSEC] 385 Future updates to this table require both Specification Required and 386 Expert Review as defined in [RFC5226]. 388 3.4. Add SMI Security for PKIX Certificate Extension Registry 390 Within the SMI-numbers registry, add a "SMI Security for PKIX 391 Certificate Extension (1.3.6.1.5.5.7.1)" table with three columns: 393 Decimal Description References 394 ------- ------------------------------ --------------------- 395 1 id-pe-authorityInfoAccess [RFC2459] 396 2 id-pe-biometricInfo [RFC3039] 397 3 id-pe-qcStatements [RFC3039] 398 4 id-pe-ac-auditIdentity [RFC3281] 399 5 id-pe-ac-targeting Reserved and Obsolete 400 6 id-pe-aaControls [RFC3281] 401 7 id-pe-ipAddrBlock [RFC3779] 402 8 id-pe-autonomousSysId [RFC3779] 403 9 id-pe-sbgp-routerIdentifier Reserved and Obsolete 404 10 id-pe-ac-proxying [RFC3281] 405 11 id-pe-subjectInfoAccess [RFC3280] 406 12 id-pe-logotype [RFC3709] 407 13 id-pe-wlanSSID [RFC4334] 408 14 id-pe-proxyCertInfo [RFC3820] 409 15 id-pe-acPolicies [RFC4476] 410 16 id-pe-warranty [RFC4059] 411 17 id-pe-sim Reserved and Obsolete 412 18 id-pe-cmsContentConstraints [RFC6010] 413 19 id-pe-otherCerts [RFC5697] 414 20 id-pe-wrappedApexContinKey [RFC5934] 415 21 id-pe-clearanceConstraints [RFC5913] 416 22 id-pe-skiSemantics Reserved and Obsolete 418 Future updates to this table require both Specification Required and 419 Expert Review as defined in [RFC5226]. 421 3.5. Add SMI Security for PKIX Policy Qualifier Registry 423 Within the SMI-numbers registry, add a "SMI Security for PKIX Policy 424 Qualifier Identifiers (1.3.6.1.5.5.7.2)" table with three columns: 426 Decimal Description References 427 ------- ------------------------------ --------------------- 428 1 id-qt-cps [RFC2459] 429 2 id-qt-unotice [RFC2459] 430 3 id-qt-textNotice Reserved and Obsolete 431 4 id-qt-acps [RFC4476] 432 5 id-qt-acunotice [RFC4476] 434 Future updates to this table require both Specification Required and 435 Expert Review as defined in [RFC5226]. 437 3.6. Add SMI Security for PKIX Extended Key Purpose Registry 439 Within the SMI-numbers registry, add a "SMI Security for PKIX 440 Extended Key Purpose Identifiers (1.3.6.1.5.5.7.3)" table with three 441 columns: 443 Decimal Description References 444 ------- ------------------------------ --------------------- 445 1 id-kp-serverAuth [RFC2459] 446 2 id-kp-clientAuth [RFC2459] 447 3 id-kp-codeSigning [RFC2459] 448 4 id-kp-emailProtection [RFC2459] 449 5 id-kp-ipsecEndSystem Reserved and Obsolete 450 6 id-kp-ipsecTunnel Reserved and Obsolete 451 7 id-kp-ipsecUser Reserved and Obsolete 452 8 id-kp-timeStamping [RFC2459] 453 9 id-kp-OCSPSigning [RFC2560] 454 10 id-kp-dvcs [RFC3029] 455 11 id-kp-sbgpCertAAServerAuth Reserved and Obsolete 456 12 id-kp-scvp-responder Reserved and Obsolete 457 13 id-kp-eapOverPPP [RFC4334] 458 14 id-kp-eapOverLAN [RFC4334] 459 15 id-kp-scvpServer [RFC5055] 460 16 id-kp-scvpClient [RFC5055] 461 17 id-kp-ipsecIKE [RFC4945] 462 18 id-kp-capwapAC [RFC5415] 463 19 id-kp-capwapWTP [RFC5415] 464 20 id-kp-sipDomain [RFC5924] 465 21 id-kp-secureShellClient [RFC6187] 466 22 id-kp-secureShellServer [RFC6187] 467 23 id-kp-sendRouter [RFC6494] 468 24 id-kp-sendProxy [RFC6494] 469 25 id-kp-sendOwner [RFC6494] 470 26 id-kp-sendProxiedOwner [RFC6494] 471 27 id-kp-cmcCA [RFC6402] 472 28 id-kp-cmcRA [RFC6402] 473 29 id-kp-cmcArchive [RFC6402] 474 30 id-kp-bgpsec-router [ID-BGPSEC] 476 Future updates to this table require both Specification Required and 477 Expert Review as defined in [RFC5226]. 479 3.7. Add SMI Security for PKIX CMP Information Types Registry 481 Within the SMI-numbers registry, add a "SMI Security for PKIX CMP 482 Information Types (1.3.6.1.5.5.7.4)" table with three columns: 484 Decimal Description References 485 ------- ------------------------------ --------------------- 486 1 id-it-caProtEncCert [RFC2510] 487 2 id-it-signKeyPairTypes [RFC2510] 488 3 id-it-encKeyPairTypes [RFC2510] 489 4 id-it-preferredSymmAlg [RFC2510] 490 5 id-it-caKeyUpdateInfo [RFC2510] 491 6 id-it-currentCRL [RFC2510] 492 7 id-it-unsupportedOIDs [RFC4210] 493 8 id-it-subscriptionRequest Reserved and Obsolete 494 9 id-it-subscriptionResponse Reserved and Obsolete 495 10 id-it-keyPairParamReq [RFC4210] 496 11 id-it-keyPairParamRep [RFC4210] 497 12 id-it-revPassphrase [RFC4210] 498 13 id-it-implicitConfirm [RFC4210] 499 14 id-it-confirmWaitTime [RFC4210] 500 15 id-it-origPKIMessage [RFC4210] 501 16 id-it-suppLangTags [RFC4210] 503 Future updates to this table require both Specification Required and 504 Expert Review as defined in [RFC5226]. 506 3.8. Add SMI Security for PKIX CRMF Registration Registry 508 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 509 Registration (1.3.6.1.5.5.7.5)" table with three columns: 511 Decimal Description References 512 ------- ------------------------------ --------------------- 513 1 id-regCtrl [RFC2511] 514 2 id-regInfo [RFC2511] 515 3 id-regEPEPSI [RFC4683] 517 Future updates to this table require both Specification Required and 518 Expert Review as defined in [RFC5226]. 520 3.9. Add SMI Security for PKIX CRMF Registration Controls Registry 522 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 523 Registration Controls (1.3.6.1.5.5.7.5.1)" table with three columns: 525 Decimal Description References 526 ------- ------------------------------ --------------------- 527 1 id-regCtrl-regToken [RFC2511] 528 2 id-regCtrl-authenticator [RFC2511] 529 3 id-regCtrl-pkiPublicationInfo [RFC2511] 530 4 id-regCtrl-pkiArchiveOptions [RFC2511] 531 5 id-regCtrl-oldCertID [RFC2511] 532 6 id-regCtrl-protocolEncrKey [RFC2511] 533 7 id-regCtrl-altCertTemplate [RFC4210] 534 8 id-regCtrl-wtlsTemplate Reserved and Obsolete 535 9 id-regCtrl-regTokenUTF8 Reserved and Obsolete 536 10 id-regCtrl-authenticatorUTF8 Reserved and Obsolete 538 Future updates to this table require both Specification Required and 539 Expert Review as defined in [RFC5226]. 541 3.10. Add SMI Security for PKIX CRMF Registration Information Registry 543 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 544 Registration Information (1.3.6.1.5.5.7.5.2)" table with three 545 columns: 547 Decimal Description References 548 ------- ------------------------------ --------------------- 549 1 id-regInfo-utf8Pairs [RFC2511] 550 2 id-regInfo-certReq [RFC2511] 552 Future updates to this table require both Specification Required and 553 Expert Review as defined in [RFC5226]. 555 3.11. Add SMI Security for PKIX Algorithms Registry 557 Within the SMI-numbers registry, add a "SMI Security for PKIX 558 Algorithms (1.3.6.1.5.5.7.6)" table with three columns: 560 Decimal Description References 561 ------- ------------------------------ --------------------- 562 1 id-alg-des40 Reserved and Obsolete 563 2 id-alg-noSignature [RFC2797] 564 3 id-alg-dh-sig-hmac-sha1 [RFC2875] 565 4 id-alg-dhPop-sha1 [RFC2875] 566 5 id-alg-dhPop-sha224 [RFC6955] 567 6 id-alg-dhPop-sha256 [RFC6955] 568 7 id-alg-dhPop-sha384 [RFC6955] 569 8 id-alg-dhPop-sha512 [RFC6955] 570 15 id-alg-dhPop-static-sha224-hmac-sha224 [RFC6955] 571 16 id-alg-dhPop-static-sha256-hmac-sha256 [RFC6955] 572 17 id-alg-dhPop-static-sha384-hmac-sha384 [RFC6955] 573 18 id-alg-dhPop-static-sha512-hmac-sha512 [RFC6955] 574 25 id-alg-ecdhPop-static-sha224-hmac-sha224 [RFC6955] 575 26 id-alg-ecdhPop-static-sha256-hmac-sha256 [RFC6955] 576 27 id-alg-ecdhPop-static-sha384-hmac-sha384 [RFC6955] 577 28 id-alg-ecdhPop-static-sha512-hmac-sha512 [RFC6955] 579 Note: id-alg-dhPop-sha1 is also known as id-alg-dh-pop. 581 Note: id-alg-dh-sig-hmac-sha1 is also known as 582 id-alg-dhPop-static-sha1-hmac-sha1. 584 Future updates to this table require both Specification Required and 585 Expert Review as defined in [RFC5226]. 587 3.12. Add SMI Security for PKIX CMC Controls Registry 589 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 590 Controls (1.3.6.1.5.5.7.7)" table with three columns: 592 Decimal Description References 593 ------- ------------------------------ --------------------- 594 1 id-cmc-statusInfo [RFC2797] 595 2 id-cmc-identification [RFC2797] 596 3 id-cmc-identityProof [RFC2797] 597 4 id-cmc-dataReturn [RFC2797] 598 5 id-cmc-transactionId [RFC2797] 599 6 id-cmc-senderNonce [RFC2797] 600 7 id-cmc-recipientNonce [RFC2797] 601 8 id-cmc-addExtensions [RFC2797] 602 9 id-cmc-encryptedPOP [RFC2797] 603 10 id-cmc-decryptedPOP [RFC2797] 604 11 id-cmc-lraPOPWitness [RFC2797] 605 15 id-cmc-getCert [RFC2797] 606 16 id-cmc-getCRL [RFC2797] 607 17 id-cmc-revokeRequest [RFC2797] 608 18 id-cmc-regInfo [RFC2797] 609 19 id-cmc-responseInfo [RFC2797] 610 21 id-cmc-queryPending [RFC2797] 611 22 id-cmc-popLinkRandom [RFC2797] 612 23 id-cmc-popLinkWitness [RFC2797] 613 24 id-cmc-confirmCertAcceptance [RFC2797] 614 25 id-cmc-statusInfoV2 [RFC5272] 615 26 id-cmc-trustedAnchors [RFC5272] 616 27 id-cmc-authData [RFC5272] 617 28 id-cmc-batchRequests [RFC5272] 618 29 id-cmc-batchResponces [RFC5272] 619 30 id-cmc-publishCert [RFC5272] 620 31 id-cmc-modCertTemplate [RFC5272] 621 32 id-cmc-controlProcessed [RFC5272] 622 33 id-cmc-popLinkWitnessV2 [RFC5272] 623 34 id-cmc-identityProofV2 [RFC5272] 624 35 id-cmc-raIdentityWitness [RFC6402] 625 36 id-cmc-changeSubjectName [RFC6402] 626 37 id-cmc-responseBody [RFC6402] 627 99 id-cmc-glaRR [RFC5275] 629 Future updates to this table require both Specification Required and 630 Expert Review as defined in [RFC5226]. 632 3.13. Add SMI Security for PKIX CMC GLA Requests and Responses Registry 634 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC GLA 635 Requests and Responses (1.3.6.1.5.5.7.7.99)" table with three 636 columns: 638 Decimal Description References 639 ------- ------------------------------ --------------------- 640 1 id-cmc-gla-skdAlgRequest [RFC5275] 641 2 id-cmc-gla-skdAlgResponse [RFC5275] 643 Future updates to this table require both Specification Required and 644 Expert Review as defined in [RFC5226]. 646 3.14. Add SMI Security for PKIX Other Name Forms Registry 648 Within the SMI-numbers registry, add a "SMI Security for PKIX Other 649 Name Forms (1.3.6.1.5.5.7.8)" table with three columns: 651 Decimal Description References 652 ------- ------------------------------ --------------------- 653 1 id-on-personalData Reserved and Obsolete 654 2 id-on-userGroup Reserved and Obsolete 655 3 id-on-permanentIdentifier [RFC4043] 656 4 id-on-hardwareModuleName [RFC4108] 657 5 id-on-xmppAddr [RFC3920] 658 6 id-on-SIM [RFC4683] 659 7 id-on-dnsSRV [RFC4985] 661 Future updates to this table require both Specification Required and 662 Expert Review as defined in [RFC5226]. 664 3.15. Add SMI Security for PKIX Personal Data Attributes Registry 666 Within the SMI-numbers registry, add a "SMI Security for PKIX 667 Personal Data Attributes (1.3.6.1.5.5.7.9)" table with three columns: 669 Decimal Description References 670 ------- ------------------------------ --------------------- 671 1 id-pda-dateOfBirth [RFC3039] 672 2 id-pda-placeOfBirth [RFC3039] 673 3 id-pda-gender [RFC3039] 674 4 id-pda-countryOfCitizenship [RFC3039] 675 5 id-pda-countryOfResidence [RFC3039] 677 Future updates to this table require both Specification Required and 678 Expert Review as defined in [RFC5226]. 680 3.16. Add SMI Security for PKIX Attribute Certificate Attributes 681 Registry 683 Within the SMI-numbers registry, add a "SMI Security for PKIX 684 Attribute Certificate Attributes (1.3.6.1.5.5.7.10)" table with three 685 columns: 687 Decimal Description References 688 ------- ------------------------------ --------------------- 689 1 id-aca-authenticationInfo [RFC3281] 690 2 id-aca-accessIdentity [RFC3281] 691 3 id-aca-chargingIdentity [RFC3281] 692 4 id-aca-group [RFC3281] 693 5 id-aca-role Reserved and Obsolete 694 6 id-aca-encAttrs [RFC3281] 695 7 id-aca-wlanSSID [RFC4334] 697 Future updates to this table require both Specification Required and 698 Expert Review as defined in [RFC5226]. 700 3.17. Add SMI Security for PKIX Qualified Certificate Statements 701 Registry 703 Within the SMI-numbers registry, add a "SMI Security for PKIX 704 Qualified Certificate Statements (1.3.6.1.5.5.7.11)" table with three 705 columns: 707 Decimal Description References 708 ------- ------------------------------ --------------------- 709 1 id-qcs-pkixQCSyntax-v1 [RFC3039] 710 2 id-qcs-pkixQCSyntax-v2 [RFC3739] 712 Future updates to this table require both Specification Required and 713 Expert Review as defined in [RFC5226]. 715 3.18. Add SMI Security for PKIX CMC Content Types Registry 717 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 718 Content Types (1.3.6.1.5.5.7.12)" table with three columns: 720 Decimal Description References 721 ------- ------------------------------ --------------------- 722 1 id-cct-crs Reserved and Obsolete 723 2 id-cct-PKIData [RFC2797] 724 3 id-cct-PKIResponse [RFC2797] 726 Future updates to this table require both Specification Required and 727 Expert Review as defined in [RFC5226]. 729 3.19. Add SMI Security for PKIX OIDs used Only for Testing Registry 731 Within the SMI-numbers registry, add a "SMI Security for PKIX OIDs 732 used ONLY for TESTING (1.3.6.1.5.5.7.13)" table with three columns: 734 Decimal Description References 735 ------- ------------------------------ --------------------- 736 1 id-TEST-certPolicyOne [ID-Housley] 737 2 id-TEST-certPolicyTwo [ID-Housley] 738 3 id-TEST-certPolicyThree [ID-Housley] 739 4 id-TEST-certPolicyFour [ID-Housley] 740 5 id-TEST-certPolicyFive [ID-Housley] 741 6 id-TEST-certPolicySix [ID-Housley] 742 7 id-TEST-certPolicySeven [ID-Housley] 743 8 id-TEST-certPolicyEight [ID-Housley] 745 Note: The object identifiers in this table should not appear on the 746 public Internet. These object identifiers are ONLY for 747 TESTING. 749 Future updates to this table require both Specification Required and 750 Expert Review as defined in [RFC5226]. 752 3.20. Add SMI Security for PKIX Certificate Policies Registry 754 Within the SMI-numbers registry, add a "SMI Security for PKIX 755 Certificate Policies (1.3.6.1.5.5.7.14)" table with three columns: 757 Decimal Description References 758 ------- ------------------------------ --------------------- 759 1 id-cp-sbgpCertificatePolicy Reserved and Obsolete 760 2 id-cp-ipAddr-asNumber [RFC6484] 762 Future updates to this table require both Specification Required and 763 Expert Review as defined in [RFC5226]. 765 3.21. Add SMI Security for PKIX CMC Error Types Registry 767 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 768 Error Types (1.3.6.1.5.5.7.15)" table with three columns: 770 Decimal Description References 771 ------- ------------------------------ --------------------- 772 1 id-cet-skdFailInfo [RFC5275] 774 Future updates to this table require both Specification Required and 775 Expert Review as defined in [RFC5226]. 777 3.22. Add SMI Security for PKIX Revocation Information Types Registry 779 Within the SMI-numbers registry, add a "SMI Security for PKIX 780 Revocation Information Types (1.3.6.1.5.5.7.16)" table with three 781 columns: 783 Decimal Description References 784 ------- ------------------------------ --------------------- 785 1 id-ri-crl [RFC5940] 786 2 id-ri-ocsp-response [RFC5940] 787 3 id-ri-delta-crl [RFC5940] 788 4 id-ri-scvp [RFC5940] 790 Future updates to this table require both Specification Required and 791 Expert Review as defined in [RFC5226]. 793 3.23. Add SMI Security for PKIX SCVP Check Types Registry 795 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 796 Check Types (1.3.6.1.5.5.7.17)" table with three columns: 798 Decimal Description References 799 ------- ------------------------------ --------------------- 800 1 id-stc-build-pkc-path [RFC5055] 801 2 id-stc-build-valid-pkc-path [RFC5055] 802 3 id-stc-build-status-checked-pkc-path [RFC5055] 803 4 id-stc-build-aa-path [RFC5055] 804 5 id-stc-build-valid-aa-path [RFC5055] 805 6 id-stc-build-status-checked-aa-path [RFC5055] 806 7 id-stc-status-check-ac-and-build-status-checked-aa-path 807 [RFC5055] 809 Future updates to this table require both Specification Required and 810 Expert Review as defined in [RFC5226]. 812 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry 814 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 815 Want Back Types (1.3.6.1.5.5.7.18)" table with three columns: 817 Decimal Description References 818 ------- ------------------------------ --------------------- 819 1 id-swb-pkc-cert-path [RFC5055] 820 2 id-swb-pkc-revocation-info [RFC5055] 821 3 id-swb-pkc-cert-status Reserved and Obsolete 822 4 id-swb-pkc-public-key-info [RFC5055] 823 5 id-swb-aa-cert-path [RFC5055] 824 6 id-swb-aa-revocation-info [RFC5055] 825 7 id-swb-ac-revocation-info [RFC5055] 826 8 id-swb-ac-cert-status Reserved and Obsolete 827 9 id-swb-relayed-responses [RFC5055] 828 10 id-swb-pkc-cert [RFC5055] 829 11 id-swb-ac-cert [RFC5055] 830 12 id-swb-pkc-all-cert-paths [RFC5055] 831 13 id-swb-pkc-ee-revocation-info [RFC5055] 832 14 id-swb-pkc-ca-revocation-info [RFC5055] 833 15 id-swb-partial-cert-path [RFC5276] 834 16 id-swb-ers-pkc-cert [RFC5276] 835 17 id-swb-ers-best-cert-path [RFC5276] 836 18 id-swb-ers-partial-cert-path [RFC5276] 837 19 id-swb-ers-revocation-info [RFC5276] 838 20 id-swb-ers-all [RFC5276] 840 Future updates to this table require both Specification Required and 841 Expert Review as defined in [RFC5226]. 843 3.25. Add SMI Security for PKIX SCVP Validation Policies and Algorithms 844 Registry 846 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 847 Validation Policies and Algorithms (1.3.6.1.5.5.7.19)" table with 848 three columns: 850 Decimal Description References 851 ------- ------------------------------ --------------------- 852 1 id-svp-defaultValPolicy [RFC5055] 853 2 id-svp-nameValAlg [RFC5055] 854 3 id-svp-basicValAlg [RFC5055] 855 4 id-svp-dnValAlg [RFC5055] 857 Note: id-svp-nameValAlg is also known as id-nvae. 859 Note: id-svp-basicValAlg is also known as id-bvae. 861 Note: id-svp-dnValAlg is also known as id-dnvae. 863 Future updates to this table require both Specification Required and 864 Expert Review as defined in [RFC5226]. 866 3.26. Add SMI Security for PKIX SCVP Name Validation Policy Errors 867 Registry 869 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 870 Name Validation Policy Errors (1.3.6.1.5.5.7.19.2)" table with three 871 columns: 873 Decimal Description References 874 ------- ------------------------------ --------------------- 875 1 id-nvae-nameMismatch [RFC5055] 876 2 id-nvae-noCertName [RFC5055] 877 3 id-nvae-unknownPupose [RFC5055] 878 4 id-nvae-badName [RFC5055] 879 5 id-nvae-badNameType [RFC5055] 880 6 id-nvae-mixedNames [RFC5055] 882 Future updates to this table require both Specification Required and 883 Expert Review as defined in [RFC5226]. 885 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy Errors 886 Registry 888 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 889 Basic Validation Policy Errors (1.3.6.1.5.5.7.19.3)" table with three 890 columns: 892 Decimal Description References 893 ------- ------------------------------ --------------------- 894 1 id-bvae-expired [RFC5055] 895 2 id-bvae-notYetValid [RFC5055] 896 3 id-bvae-wrongTrustAnchor [RFC5055] 897 4 id-bvae-noValidCertPath [RFC5055] 898 5 id-bvae-revoked [RFC5055] 899 9 id-bvae-invalidKeyPurpose [RFC5055] 900 10 id-bvae-invalidKeyUsage [RFC5055] 901 11 id-bvae-invalidCertPolicy [RFC5055] 902 12 id-bvae-invalidName Reserved and Obsolete 903 13 id-bvae-invalidEntity Reserved and Obsolete 904 14 id-bvae-invalidPathDepth Reserved and Obsolete 906 Future updates to this table require both Specification Required and 907 Expert Review as defined in [RFC5226]. 909 3.28. Add SMI Security for PKIX SCVP Distinguished Name Validation 910 Policy Errors Registry 912 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 913 Distinguished Name Validation Policy Errors (1.3.6.1.5.5.7.19.4)" 914 table with three columns: 916 Decimal Description References 917 ------- ------------------------------ --------------------- 919 Note: This table is currently empty. 921 Future updates to this table require both Specification Required and 922 Expert Review as defined in [RFC5226]. 924 3.29. Add SMI Security for PKIX Other Logotype Identifiers Registry 926 Within the SMI-numbers registry, add a "SMI Security for PKIX Other 927 Logotype Identifiers (1.3.6.1.5.5.7.20)" table with three columns: 929 Decimal Description References 930 ------- ------------------------------ --------------------- 931 1 id-logo-loyalty [RFC3709] 932 2 id-logo-background [RFC3709] 933 3 id-logo-certImage [RFC6170] 935 Future updates to this table require both Specification Required and 936 Expert Review as defined in [RFC5226]. 938 3.30. Add SMI Security for PKIX Proxy Certificate Policy Languages 939 Registry 941 Within the SMI-numbers registry, add a "SMI Security for PKIX Proxy 942 Certificate Policy Languages (1.3.6.1.5.5.7.21)" table with three 943 columns: 945 Decimal Description References 946 ------- ------------------------------ --------------------- 947 1 id-ppl-anyLanguage [RFC3820] 948 2 id-ppl-inheritAll [RFC3820] 949 3 id-ppl-independent [RFC3820] 951 Future updates to this table require both Specification Required and 952 Expert Review as defined in [RFC5226]. 954 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry 956 Within the SMI-numbers registry, add a "SMI Security for PKIX 957 Matching Rules (1.3.6.1.5.5.7.22)" table with three columns: 959 Decimal Description References 960 ------- ------------------------------ --------------------- 961 1 id-mr-pkix-alphanum-ids [RFC2985] 963 Future updates to this table require both Specification Required and 964 Expert Review as defined in [RFC5226]. 966 3.32. Add SMI Security for PKIX Subject Key Identifier Semantics 967 Registry 969 Within the SMI-numbers registry, add a "SMI Security for PKIX Subject 970 Key Identifier Semantics (1.3.6.1.5.5.7.23)" table with three 971 columns: 973 Decimal Description References 974 ------- ------------------------------ --------------------- 975 1 id-skis-keyHash Reserved and Obsolete 976 2 id-skis-4BitKeyHash Reserved and Obsolete 977 3 id-skis-keyInfoHash Reserved and Obsolete 979 Future updates to this table require both Specification Required and 980 Expert Review as defined in [RFC5226]. 982 3.33. Add SMI Security for PKIX Access Descriptor Registry 984 Within the SMI-numbers registry, add a "SMI Security for PKIX Access 985 Descriptors for the Authority Information Access Extension 986 (1.3.6.1.5.5.7.48)" table with three columns: 988 Decimal Description References 989 ------- ------------------------------ --------------------- 990 1 id-ad-ocsp [RFC2459] 991 2 id-ad-caIssuers [RFC2459] 992 3 id-ad-timestamping [RFC3161] 993 4 id-ad-dvcs [RFC3029] 994 5 id-ad-caRepository [RFC3280] 995 6 id-ad-http-certs [RFC4387] 996 7 id-ad-http-crls [RFC4387] 997 8 id-ad-xkms Reserved and Obsolete 998 9 id-ad-signedObjectRepository Reserved and Obsolete 999 10 id-ad-rpkiManifest [RFC6487] 1000 11 id-ad-signedObject [RFC6487] 1001 12 id-ad-cmc [RFC6402] 1003 Note: id-ad-ocsp is also known as id-pkix-ocsp. 1005 Future updates to this table require both Specification Required and 1006 Expert Review as defined in [RFC5226]. 1008 3.34. Add SMI Security for PKIX OCSP Registry 1010 Within the SMI-numbers registry, add a "SMI Security for PKIX Online 1011 Certificate Status Protocol (OCSP) (1.3.6.1.5.5.7.48.1)" table with 1012 three columns: 1014 Decimal Description References 1015 ------- ------------------------------ --------------------- 1016 1 id-pkix-ocsp-basic [RFC2560] 1017 2 id-pkix-ocsp-nonce [RFC2560] 1018 3 id-pkix-ocsp-crl [RFC2560] 1019 4 id-pkix-ocsp-response [RFC2560] 1020 5 id-pkix-ocsp-nocheck [RFC2560] 1021 6 id-pkix-ocsp-archive-cutoff [RFC2560] 1022 7 id-pkix-ocsp-service-locator [RFC2560] 1023 8 id-pkix-ocsp-pref-sig-algs [RFC6277] 1024 9 id-pkix-ocsp-extended-revoke [RFC6960] 1026 Future updates to this table require both Specification Required and 1027 Expert Review as defined in [RFC5226]. 1029 4. Security Considerations 1031 This document populates an IANA registry, and it raises no new 1032 security considerations. The protocols that specify these values 1033 include the security considerations associated with their usage. 1035 5. References 1037 5.1. Normative References 1039 [ASN1-88] International Telephone and Telegraph Consultative 1040 Committee, "Specification of Abstract Syntax Notation One 1041 (ASN.1)", CCITT Recommendation X.208, 1988. 1043 [ASN1-97] International Telecommunications Union, "Abstract Syntax 1044 Notation One (ASN.1): Specification of basic notation", 1045 ITU-T Recommendation X.680, 1997. 1047 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1048 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1049 May 2008. 1051 5.2. Informative References 1053 [Err3860] Errata for RFC 6402. 1054 [http://www.rfc-editor.org/errata_search.php?eid=3860] 1056 [ID-Abley] Abley, J., J. Schlyter, and G. Bailey, "DNSSEC Trust 1057 Anchor Publication for the Root Zone", Work in Progress, 1058 December 2013. 1059 [draft-jabley-dnssec-trust-anchor-08] 1061 [ID-BGPSEC] Reynolds, M., S. Turner, and S. Kent, "A Profile for 1062 BGPSEC Router Certificates, Certificate Revocation Lists, 1063 and Certification Requests", Work in Progress, September 1064 2013. 1065 [draft-ietf-sidr-bgpsec-pki-profiles-06] 1067 [ID-Housley] Housley, R., "Object Identifiers for Test Certificate 1068 Policies", Work in Progress, January 2014. 1069 [draft-housley-pkix-test-oids-00] 1071 [RFC2459] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet 1072 X.509 Public Key Infrastructure Certificate and CRL 1073 Profile", RFC 2459, January 1999. 1075 [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key 1076 Infrastructure Certificate Management Protocols", 1077 RFC 2510, March 1999. 1079 [RFC2511] Myers, M., Adams, C., Solo, D., and D. Kemp, "Internet 1080 X.509 Certificate Request Message Format", RFC 2511, March 1081 1999. 1083 [RFC2528] Housley, R. and W. Polk, "Internet X.509 Public Key 1084 Infrastructure Representation of Key Exchange Algorithm 1085 (KEA) Keys in Internet X.509 Public Key Infrastructure 1086 Certificates", RFC 2528, March 1999. 1088 [RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. 1089 Adams, "X.509 Internet Public Key Infrastructure Online 1090 Certificate Status Protocol - OCSP", RFC 2560, June 1999. 1092 [RFC2797] Myers, M., Liu, X., Schaad, J., and J. Weinstein, 1093 "Certificate Management Messages over CMS", RFC 2797, 1094 April 2000. 1096 [RFC2875] Prafullchandra, H. and J. Schaad, "Diffie-Hellman Proof- 1097 of-Possession Algorithms", RFC 2875, July 2000. 1099 [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object 1100 Classes and Attribute Types Version 2.0", RFC 2985, 1101 November 2000. 1103 [RFC3029] Adams, C., Sylvester, P., Zolotarev, M., and R. 1104 Zuccherato, "Internet X.509 Public Key Infrastructure Data 1105 Validation and Certification Server Protocols", RFC 3029, 1106 February 2001. 1108 [RFC3039] Santesson, S., Polk, W., Barzin, P., and M. Nystrom, 1109 "Internet X.509 Public Key Infrastructure Qualified 1110 Certificates Profile", RFC 3039, January 2001. 1112 [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, 1113 "Internet X.509 Public Key Infrastructure Time-Stamp 1114 Protocol (TSP)", RFC 3161, August 2001. 1116 [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and 1117 Identifiers for the Internet X.509 Public Key 1118 Infrastructure Certificate and Certificate Revocation List 1119 (CRL) Profile", RFC 3279, April 2002. 1121 [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet 1122 X.509 Public Key Infrastructure Certificate and 1123 Certificate Revocation List (CRL) Profile", RFC 3280, 1124 April 2002. 1126 [RFC3281] Farrell, S. and R. Housley, "An Internet Attribute 1127 Certificate Profile for Authorization", RFC 3281, April 1128 2002. 1130 [RFC3709] Santesson, S., Housley, R., and T. Freeman, "Internet 1131 X.509 Public Key Infrastructure: Logotypes in X.509 1132 Certificates", RFC 3709, February 2004. 1134 [RFC3739] Santesson, S., Nystrom, M., and T. Polk, "Internet X.509 1135 Public Key Infrastructure: Qualified Certificates 1136 Profile", RFC 3739, March 2004. 1138 [RFC3770] Housley, R. and T. Moore, "Certificate Extensions and 1139 Attributes Supporting Authentication in Point-to-Point 1140 Protocol (PPP) and Wireless Local Area Networks (WLAN)", 1141 RFC 3770, May 2004. 1143 [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP 1144 Addresses and AS Identifiers", RFC 3779, June 2004. 1146 [RFC3820] Tuecke, S., Welch, V., Engert, D., Pearlman, L., and M. 1147 Thompson, "Internet X.509 Public Key Infrastructure (PKI) 1148 Proxy Certificate Profile", RFC 3820, June 2004. 1150 [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence 1151 Protocol (XMPP): Core", RFC 3920, October 2004. 1153 [RFC4043] Pinkas, D. and T. Gindin, "Internet X.509 Public Key 1154 Infrastructure Permanent Identifier", RFC 4043, May 2005. 1156 [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional 1157 Algorithms and Identifiers for RSA Cryptography for use in 1158 the Internet X.509 Public Key Infrastructure Certificate 1159 and Certificate Revocation List (CRL) Profile", RFC 4055, 1160 June 2005. 1162 [RFC4059] Linsenbardt, D., Pontius, S., and A. Sturgeon, "Internet 1163 X.509 Public Key Infrastructure Warranty Certificate 1164 Extension", RFC 4059, May 2005. 1166 [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to 1167 Protect Firmware Packages", RFC 4108, August 2005. 1169 [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, 1170 "Internet X.509 Public Key Infrastructure Certificate 1171 Management Protocol (CMP)", RFC 4210, September 2005. 1173 [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) 1174 Protocol", RFC 4306, December 2005. 1176 [RFC4334] Housley, R. and T. Moore, "Certificate Extensions and 1177 Attributes Supporting Authentication in Point-to-Point 1178 Protocol (PPP) and Wireless Local Area Networks (WLAN)", 1179 RFC 4334, February 2006. 1181 [RFC4387] Gutmann, P., Ed., "Internet X.509 Public Key 1182 Infrastructure Operational Protocols: Certificate Store 1183 Access via HTTP", RFC 4387, February 2006. 1185 [RFC4476] Francis, C. and D. Pinkas, "Attribute Certificate (AC) 1186 Policies Extension", RFC 4476, May 2006. 1188 [RFC4683] Park, J., Lee, J., . Lee, H., Park, S., and T. Polk, 1189 "Internet X.509 Public Key Infrastructure Subject 1190 Identification Method (SIM)", RFC 4683, October 2006. 1192 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1193 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1195 [RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure 1196 Subject Alternative Name for Expression of Service Name", 1197 RFC 4985, August 2007. 1199 [RFC5055] Freeman, T., Housley, R., Malpani, A., Cooper, D., and W. 1200 Polk, "Server-Based Certificate Validation Protocol 1201 (SCVP)", RFC 5055, December 2007. 1203 [RFC5272] Schaad, J. and M. Myers, "Certificate Management over CMS 1204 (CMC)", RFC 5272, June 2008. 1206 [RFC5275] Turner, S., "CMS Symmetric Key Management and 1207 Distribution", RFC 5275, June 2008. 1209 [RFC5276] Wallace, C., "Using the Server-Based Certificate 1210 Validation Protocol (SCVP) to Convey Long-Term Evidence 1211 Records", RFC 5276, August 2008. 1213 [RFC5415] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley, 1214 Ed., "Control And Provisioning of Wireless Access Points 1215 (CAPWAP) Protocol Specification", RFC 5415, March 2009. 1217 [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, 1218 "Elliptic Curve Cryptography Subject Public Key 1219 Information", RFC 5480, March 2009. 1221 [RFC5697] Farrell, S., "Other Certificates Extension", RFC 5697, 1222 November 2009. 1224 [RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet 1225 Attribute Certificate Profile for Authorization", 1226 RFC 5755, January 2010. 1228 [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the 1229 Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, 1230 June 2010. 1232 [RFC5913] Turner, S. and S. Chokhani, "Clearance Attribute and 1233 Authority Clearance Constraints Certificate Extension", 1234 RFC 5913, June 2010. 1236 [RFC5915] Turner, S. and D. Brown, "Elliptic Curve Private Key 1237 Structure", RFC 5915, June 2010. 1239 [RFC5924] Lawrence, S. and V. Gurbani, "Extended Key Usage (EKU) for 1240 Session Initiation Protocol (SIP) X.509 Certificates", 1241 RFC 5924, June 2010. 1243 [RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor 1244 Management Protocol (TAMP)", RFC 5934, August 2010. 1246 [RFC5940] Turner, S. and R. Housley, "Additional Cryptographic 1247 Message Syntax (CMS) Revocation Information Choices", 1248 RFC 5940, August 2010. 1250 [RFC6010] Housley, R., Ashmore, S., and C. Wallace, "Cryptographic 1251 Message Syntax (CMS) Content Constraints Extension", 1252 RFC 6010, September 2010. 1254 [RFC6170] Santesson, S., Housley, R., Bajaj, S., and L. Rosenthol, 1255 "Internet X.509 Public Key Infrastructure -- Certificate 1256 Image", RFC 6170, May 2011. 1258 [RFC6187] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure 1259 Shell Authentication", RFC 6187, March 2011. 1261 [RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules 1262 for the Cryptographic Message Syntax (CMS) and the Public 1263 Key Infrastructure Using X.509 (PKIX)", RFC 6268, July 1264 2011. 1266 [RFC6277] Santesson, S. and P. Hallam-Baker, "Online Certificate 1267 Status Protocol Algorithm Agility", RFC 6277, June 2011. 1269 [RFC6402] Schaad, J., "Certificate Management over CMS (CMC) 1270 Updates", RFC 6402, November 2011. 1272 [RFC6484] Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate 1273 Policy (CP) for the Resource Public Key Infrastructure 1274 (RPKI)", BCP 173, RFC 6484, February 2012. 1276 [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for 1277 X.509 PKIX Resource Certificates", RFC 6487, February 1278 2012. 1280 [RFC6494] Gagliano, R., Krishnan, S., and A. Kukec, "Certificate 1281 Profile and Certificate Management for SEcure Neighbor 1282 Discovery (SEND)", RFC 6494, February 2012. 1284 [RFC6664] Schaad, J., "S/MIME Capabilities for Public Key 1285 Definitions", RFC 6664, July 2012. 1287 [RFC6955] Schaad, J. and H. Prafullchandra, "Diffie-Hellman Proof- 1288 of-Possession Algorithms", RFC 6955, May 2013. 1290 [RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A., 1291 Galperin, S., and C. Adams, "X.509 Internet Public Key 1292 Infrastructure Online Certificate Status Protocol - OCSP", 1293 RFC 6960, June 2013. 1295 Acknowledgements 1297 Many thanks to David Cooper, Jim Schaad, and Sean Turner for their 1298 careful review and comments. 1300 Author's Address 1302 Russ Housley 1303 918 Spring Knoll Drive 1304 Herndon, VA 20170 1305 USA 1306 EMail: housley@vigilsec.com