idnits 2.17.00 (12 Aug 2021) /tmp/idnits56582/draft-housley-pkix-oids-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (1 April 2014) is 2972 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: draft-jabley-dnssec-trust-anchor has been published as RFC 7958 == Outdated reference: draft-ietf-sidr-bgpsec-pki-profiles has been published as RFC 8209 == Outdated reference: draft-housley-pkix-test-oids has been published as RFC 7229 -- Obsolete informational reference (is this intentional?): RFC 2459 (Obsoleted by RFC 3280) -- Obsolete informational reference (is this intentional?): RFC 2510 (Obsoleted by RFC 4210) -- Obsolete informational reference (is this intentional?): RFC 2511 (Obsoleted by RFC 4211) -- Obsolete informational reference (is this intentional?): RFC 2560 (Obsoleted by RFC 6960) -- Obsolete informational reference (is this intentional?): RFC 2797 (Obsoleted by RFC 5272) -- Obsolete informational reference (is this intentional?): RFC 2875 (Obsoleted by RFC 6955) -- Obsolete informational reference (is this intentional?): RFC 3039 (Obsoleted by RFC 3739) -- Obsolete informational reference (is this intentional?): RFC 3280 (Obsoleted by RFC 5280) -- Obsolete informational reference (is this intentional?): RFC 3281 (Obsoleted by RFC 5755) -- Obsolete informational reference (is this intentional?): RFC 3770 (Obsoleted by RFC 4334) -- Obsolete informational reference (is this intentional?): RFC 3920 (Obsoleted by RFC 6120) -- Obsolete informational reference (is this intentional?): RFC 4306 (Obsoleted by RFC 5996) -- Obsolete informational reference (is this intentional?): RFC 6277 (Obsoleted by RFC 6960) -- Duplicate reference: RFC6402, mentioned in 'RFC6402', was also mentioned in 'Err3860'. Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 15 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT R. Housley 3 Intended Status: Informational Vigil Security 4 Expires: 1 October 2014 1 April 2014 6 Object Identifier Registry for the PKIX Working Group 7 9 Abstract 11 When the Public-Key Infrastructure using X.509 (PKIX) Working Group 12 was chartered, an object identifier arc was was allocated by IANA for 13 use by that working group. This document describes the object 14 identifiers that were assigned in that arc, it returns control of 15 that arc to IANA, and it establishes IANA allocation policies for any 16 future assignments within that arc. 18 Status of this Memo 20 This Internet-Draft is submitted to IETF in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF), its areas, and its working groups. Note that 25 other groups may also distribute working documents as 26 Internet-Drafts. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/1id-abstracts.html 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html 39 Copyright and License Notice 41 Copyright (c) 2014 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 2. Subordinate Object Identifier Arcs . . . . . . . . . . . . . . 4 58 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 59 3.1. Update to SMI Security for Mechanism Codes Registry . . . 6 60 3.2. Add SMI Security for PKIX Registry . . . . . . . . . . . . 7 61 3.3. Add SMI Security for PKIX Module Identifier Registry . . . 7 62 3.4. Add SMI Security for PKIX Certificate Extension Registry . 9 63 3.5. Add SMI Security for PKIX Policy Qualifier Registry . . . 10 64 3.6. Add SMI Security for PKIX Extended Key Purpose Registry . 10 65 3.7. Add SMI Security for PKIX CMP Information Types Registry . 11 66 3.8. Add SMI Security for PKIX CRMF Registration Registry . . . 12 67 3.9. Add SMI Security for PKIX CRMF Registration Controls 68 Registry . . . . . . . . . . . . . . . . . . . . . . . . . 12 69 3.10. Add SMI Security for PKIX CRMF Registration Information 70 Registry . . . . . . . . . . . . . . . . . . . . . . . . 13 71 3.11. Add SMI Security for PKIX Algorithms Registry . . . . . . 13 72 3.12. Add SMI Security for PKIX CMC Controls Registry . . . . . 14 73 3.13. Add SMI Security for PKIX CMC GLA Requests and 74 Responses Registry . . . . . . . . . . . . . . . . . . . 15 75 3.14. Add SMI Security for PKIX Other Name Forms Registry . . . 15 76 3.15. Add SMI Security for PKIX Personal Data Attributes 77 Registry . . . . . . . . . . . . . . . . . . . . . . . . 15 78 3.16. Add SMI Security for PKIX Attribute Certificate 79 Attributes Registry . . . . . . . . . . . . . . . . . . . 16 80 3.17. Add SMI Security for PKIX Qualified Certificate 81 Statements Registry . . . . . . . . . . . . . . . . . . . 16 82 3.18. Add SMI Security for PKIX CMC Content Types Registry . . 16 83 3.19. Add SMI Security for PKIX OIDs used Only for Testing 84 Registry . . . . . . . . . . . . . . . . . . . . . . . . 17 85 3.20. Add SMI Security for PKIX Certificate Policies Registry . 17 86 3.21. Add SMI Security for PKIX CMC Error Types Registry . . . 17 87 3.22. Add SMI Security for PKIX Revocation Information Types 88 Registry . . . . . . . . . . . . . . . . . . . . . . . . 18 90 3.23. Add SMI Security for PKIX SCVP Check Types Registry . . . 18 91 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry . 18 92 3.25. Add SMI Security for PKIX SCVP Validation Policies and 93 Algorithms Registry . . . . . . . . . . . . . . . . . . . 19 94 3.26. Add SMI Security for PKIX SCVP Name Validation Policy 95 Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 96 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy 97 Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 98 3.28. Add SMI Security for PKIX SCVP Distinguished Name 99 Validation Policy Errors Registry . . . . . . . . . . . . 21 100 3.29. Add SMI Security for PKIX Other Logotype Identifiers 101 Registry . . . . . . . . . . . . . . . . . . . . . . . . 21 102 3.30. Add SMI Security for PKIX Proxy Certificate Policy 103 Languages Registry . . . . . . . . . . . . . . . . . . . 21 104 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry . 22 105 3.32. Add SMI Security for PKIX Subject Key Identifier 106 Semantics Registry . . . . . . . . . . . . . . . . . . . 22 107 3.33. Add SMI Security for PKIX Access Descriptor Registry . . 22 108 3.34. Add SMI Security for PKIX OCSP Registry . . . . . . . . . 23 109 4. Security Considerations . . . . . . . . . . . . . . . . . . . 23 110 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 111 5.1. Normative References . . . . . . . . . . . . . . . . . . . 23 112 5.2. Informative References . . . . . . . . . . . . . . . . . . 24 113 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 29 114 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 30 116 1. Introduction 118 When the Public-Key Infrastructure using X.509 (PKIX) Working Group 119 was chartered, an object identifier arc was was allocated by IANA for 120 use by that working group. These object identifiers are primarily 121 used with Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97]. 122 The ASN.1 specifications continue to evolve, but object identifiers 123 can be used with any and all versions of ASN.1. 125 The PKIX object identifier arc is: 127 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) 128 dod(6) internet(1) security(5) mechanisms(5) pkix(7) } 130 This document describes the object identifiers that were assigned in 131 the PKIX arc, it returns control of the PKIX arc to IANA, and it 132 establishes IANA allocation policies for any future assignments 133 within the PKIX arc. 135 2. Subordinate Object Identifier Arcs 137 Twenty-five subordinate object identifier arcs were used, numbered 138 from 0 to 23 and 48. In addition, seven of these arcs include 139 further subordinate arcs. They were assigned as follows: 141 -- ASN.1 modules 142 id-mod OBJECT IDENTIFIER ::= { id-pkix 0 } 144 -- PKIX certificate extensions 145 id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } 147 -- Policy qualifier types 148 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 150 -- Extended key purpose identifiers 151 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } 153 -- CMP information types 154 id-it OBJECT IDENTIFIER ::= { id-pkix 4 } 156 -- CRMF registration 157 id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 } 159 -- CRMF registration controls 160 id-regCtrl OBJECT IDENTIFIER ::= { id-pkix 5 1 } 162 -- CRMF registration information 163 id-regInfo OBJECT IDENTIFIER ::= { id-pkix 5 2 } 164 -- Algorithms 165 id-alg OBJECT IDENTIFIER ::= { id-pkix 6 } 167 -- CMC controls 168 id-cmc OBJECT IDENTIFIER ::= { id-pkix 7 } 170 -- CMC GLA Requests and Responses 171 id-cmc-glaRR OBJECT IDENTIFIER ::= { id-pkix 7 99 } 173 -- Other name forms 174 id-on OBJECT IDENTIFIER ::= { id-pkix 8 } 176 -- Personal data attribute 177 id-pda OBJECT IDENTIFIER ::= { id-pkix 9 } 179 -- Attribute certificate attributes 180 id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } 182 -- Qualified certificate statements 183 id-qcs OBJECT IDENTIFIER ::= { id-pkix 11 } 185 -- CMC content types 186 id-cct OBJECT IDENTIFIER ::= { id-pkix 12 } 188 -- OIDs for TESTING ONLY 189 id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 } 191 -- Certificate policies 192 id-cp OBJECT IDENTIFIER ::= { id-pkix 14 } 194 -- CMC error types 195 id-cet OBJECT IDENTIFIER ::= { id-pkix 15 } 197 -- Revocation information types 198 id-ri OBJECT IDENTIFIER ::= { id-pkix 16 } 200 -- SCVP check type 201 id-sct OBJECT IDENTIFIER ::= { id-pkix 17 } 203 -- SCVP want back types 204 id-swb OBJECT IDENTIFIER ::= { id-pkix 18 } 206 -- SCVP validation policies 207 id-svp OBJECT IDENTIFIER ::= { id-pkix 19 } 209 -- SCVP name validation policy errors 210 id-nvae OBJECT IDENTIFIER ::= { id-pkix 19 2 } 211 -- SCVP basic validation policy errors 212 id-bvae OBJECT IDENTIFIER ::= { id-pkix 19 3 } 214 -- SCVP distinguished name validation policy errors 215 id-dnvae OBJECT IDENTIFIER ::= { id-pkix 19 4 } 217 -- Other logotype identifiers 218 id-logo OBJECT IDENTIFIER ::= { id-pkix 20 } 220 -- Proxy certificate policy languages 221 id-ppl OBJECT IDENTIFIER ::= { id-pkix 21 } 223 -- Matching rules 224 id-mr OBJECT IDENTIFIER ::= { id-pkix 22 } 226 -- Subject key identifier semantics 227 id-skis OBJECT IDENTIFIER ::= { id-pkix 23 } 229 -- Access descriptors 230 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } 232 -- Online Certificate Status Protocol 233 id-pkix-ocsp OBJECT IDENTIFIER ::= { id-pkix 48 1 } 235 The values assigned in each of these subordinate object identifier 236 arcs are discussed in the next section. 238 3. IANA Considerations 240 IANA is asked to update one registry table and create 31 additional 241 tables. 243 Updates to the new tables require both Specification Required and 244 Expert Review as defined in [RFC5226]. The expert is expected to 245 ensure that any new values are strongly related to the work that was 246 done by the PKIX Working Group. That is, additional object 247 identifiers are to be related to X.509 certificate, X.509 attribute 248 certificates, X.509 certificate revocation lists (CRLs), or protocols 249 associated with them. Object identifiers for other purposes should 250 not be assigned in this arc. 252 3.1. Update to SMI Security for Mechanism Codes Registry 254 Please update the reference in the Public-Key Infrastructure using 255 X.509 (PKIX) entry (decimal value 7) to points to this document. 257 3.2. Add SMI Security for PKIX Registry 259 Within the SMI-numbers registry, add a "PKIX (1.3.6.1.5.5.7)" table 260 with three columns: 262 Decimal Description References 263 ------- -------------------------------------- ---------- 264 0 Module identifiers {This RFC} 265 1 PKIX certificate extensions {This RFC} 266 2 Policy qualifier types {This RFC} 267 3 Extended key purpose identifiers {This RFC} 268 4 CMP information types {This RFC} 269 5 CRMF registration {This RFC} 270 6 Algorithms {This RFC} 271 7 CMC controls {This RFC} 272 8 Other name forms {This RFC} 273 9 Personal data attribute {This RFC} 274 10 Attribute certificate attributes {This RFC} 275 11 Qualified certificate statements {This RFC} 276 12 CMC content types {This RFC} 277 13 OIDs for TESTING ONLY {This RFC} 278 14 Certificate policies {This RFC} 279 15 CMC error types {This RFC} 280 16 Revocation information types {This RFC} 281 17 SCVP check type {This RFC} 282 18 SCVP want back types {This RFC} 283 19 SCVP validation policies {This RFC} 284 20 Other logotype identifiers {This RFC} 285 21 Proxy certificate policy languages {This RFC} 286 22 Matching rules {This RFC} 287 23 Subject key identifier semantics {This RFC} 288 48 Access descriptors {This RFC} 290 Future updates to this table require both Specification Required and 291 Expert Review as defined in [RFC5226]. 293 3.3. Add SMI Security for PKIX Module Identifier Registry 295 Within the SMI-numbers registry, add a "SMI Security for PKIX Module 296 Identifier (1.3.6.1.5.5.7.0)" table with three columns: 298 Decimal Description References 299 ------- ------------------------------- --------------------- 300 1 id-pkix1-explicit-88 [RFC2459] 301 2 id-pkix1-implicit-88 [RFC2459] 302 3 id-pkix1-explicit-93 [RFC2459] 303 4 id-pkix1-implicit-93 [RFC2459] 304 5 id-mod-crmf [RFC2511] 305 6 id-mod-cmc [RFC2797] 306 7 id-mod-kea-profile-88 [RFC2528] 307 8 id-mod-kea-profile-93 [RFC2528] 308 9 id-mod-cmp [RFC2510] 309 10 id-mod-qualified-cert-88 [RFC3039] 310 11 id-mod-qualified-cert-93 [RFC3039] 311 12 id-mod-attribute-cert [RFC3281] 312 13 id-mod-tsp [RFC3161] 313 14 id-mod-ocsp [RFC3029] 314 15 id-mod-dvcs [RFC3029] 315 16 id-mod-cmp2000 [RFC4210] 316 17 id-mod-pkix1-algorithms [RFC3279] 317 18 id-mod-pkix1-explicit [RFC3280] 318 19 id-mod-pkix1-implicit [RFC3280] 319 20 id-mod-user-group Reserved and Obsolete 320 21 id-mod-scvp [RFC5055] 321 22 id-mod-logotype [RFC3709] 322 23 id-mod-cmc2002 [RFC5272] 323 24 id-mod-wlan-extns [RFC3770] 324 25 id-mod-proxy-cert-extns [RFC3820] 325 26 id-mod-ac-policies [RFC4476] 326 27 id-mod-warranty-extn [RFC4059] 327 28 id-mod-perm-id-88 [RFC4043] 328 29 id-mod-perm-id-93 [RFC4043] 329 30 id-mod-ip-addr-and-as-ident [RFC3779] 330 31 id-mod-qualified-cert [RFC3739] 331 32 id-mod-crmf2003 Reserved and Obsolete 332 33 id-mod-pkix1-rsa-pkalgs [RFC4055] 333 34 id-mod-cert-bundle [RFC4306] 334 35 id-mod-qualified-cert-97 [RFC3739] 335 36 id-mod-crmf2005 [RFC4210] 336 37 id-mod-wlan-extns2005 [RFC4334] 337 38 id-mod-sim2005 [RFC4683] 338 39 id-mod-dns-srv-name-88 [RFC4985] 339 40 id-mod-dns-srv-name-93 [RFC4985] 340 41 id-mod-cmsContentConstr-88 [RFC6010] 341 42 id-mod-cmsContentConstr-93 [RFC6010] 342 43 id-mod-pkixCommon Reserved and Obsolete 343 44 id-mod-pkixOtherCerts [RFC5697] 344 45 id-mod-pkix1-algorithms2008 [RFC5480] 345 46 id-mod-clearanceConstraints [RFC5913] 346 47 id-mod-attribute-cert-02 [RFC5912] 347 48 id-mod-ocsp-02 [RFC5912] 348 49 id-mod-v1AttrCert-02 [RFC5912] 349 50 id-mod-cmp2000-02 [RFC5912] 350 51 id-mod-pkix1-explicit-02 [RFC5912] 351 52 id-mod-scvp-02 [RFC5912] 352 53 id-mod-cmc2002-02 [RFC5912] 353 54 id-mod-pkix1-rsa-pkalgs-02 [RFC5912] 354 55 id-mod-crmf2005-02 [RFC5912] 355 56 id-mod-pkix1-algorithms2008-02 [RFC5912] 356 57 id-mod-pkixCommon-02 [RFC5912] 357 58 id-mod-algorithmInformation-02 [RFC5912] 358 59 id-mod-pkix1-implicit-02 [RFC5912] 359 60 id-mod-pkix1-x400address-02 [RFC5912] 360 61 id-mod-attribute-cert-v2 [RFC5755] 361 62 id-mod-sip-domain-extns2007 [RFC5924] 362 63 id-mod-cms-otherRIs-2009-88 [RFC5940] 363 64 id-mod-cms-otherRIs-2009-93 [RFC5940] 364 65 id-mod-ecprivatekey [RFC5915] 365 66 id-mod-ocsp-agility-2009-93 [RFC6277] 366 67 id-mod-ocsp-agility-2009-88 [RFC6277] 367 68 id-mod-logotype-certimage [RFC6170] 368 69 id-mod-pkcs10-2009 [RFC5912] 369 70 id-mod-dns-resource-record [ID-Abley] 370 71 id-mod-send-cert-extns [RFC6494] 371 72 id-mod-ip-addr-and-as-ident-2 [RFC6268] 372 73 id-mod-wlan-extns-2 [RFC6268] 373 74 id-mod-hmac [RFC6268] 374 75 id-mod-enrollMsgSyntax-2011-88 [RFC6402][Err3860] 375 76 id-mod-enrollMsgSyntax-2011-08 [RFC6402] 376 77 id-mod-pubKeySMIMECaps-88 [RFC6664] 377 78 id-mod-pubKeySMIMECaps-08 [RFC6664] 378 79 id-mod-dhSign-2012-88 [RFC6955] 379 80 id-mod-dhSign-2012-08 [RFC6955] 380 81 id-mod-ocsp-2013-88 [RFC6960] 381 82 id-mod-ocsp-2013-08 [RFC6960] 382 83 id-mod-TEST-certPolicies [ID-Housley] 383 84 id-mod-bgpsec-eku [ID-BGPSEC] 385 Future updates to this table require both Specification Required and 386 Expert Review as defined in [RFC5226]. 388 3.4. Add SMI Security for PKIX Certificate Extension Registry 390 Within the SMI-numbers registry, add a "SMI Security for PKIX 391 Certificate Extension (1.3.6.1.5.5.7.1)" table with three columns: 393 Decimal Description References 394 ------- ------------------------------ --------------------- 395 1 id-pe-authorityInfoAccess [RFC2459] 396 2 id-pe-biometricInfo [RFC3039] 397 3 id-pe-qcStatements [RFC3039] 398 4 id-pe-ac-auditIdentity [RFC3281] 399 5 id-pe-ac-targeting Reserved and Obsolete 400 6 id-pe-aaControls [RFC3281] 401 7 id-pe-ipAddrBlock [RFC3779] 402 8 id-pe-autonomousSysId [RFC3779] 403 9 id-pe-sbgp-routerIdentifier Reserved and Obsolete 404 10 id-pe-ac-proxying [RFC3281] 405 11 id-pe-subjectInfoAccess [RFC3280] 406 12 id-pe-logotype [RFC3709] 407 13 id-pe-wlanSSID [RFC4334] 408 14 id-pe-proxyCertInfo [RFC3820] 409 15 id-pe-acPolicies [RFC4476] 410 16 id-pe-warranty [RFC4059] 411 17 id-pe-sim Reserved and Obsolete 412 18 id-pe-cmsContentConstraints [RFC6010] 413 19 id-pe-otherCerts [RFC5697] 414 20 id-pe-wrappedApexContinKey [RFC5934] 415 21 id-pe-clearanceConstraints [RFC5913] 416 22 id-pe-skiSemantics Reserved and Obsolete 417 23 id-pe-nsa [RFC7169] 419 Future updates to this table require both Specification Required and 420 Expert Review as defined in [RFC5226]. 422 3.5. Add SMI Security for PKIX Policy Qualifier Registry 424 Within the SMI-numbers registry, add a "SMI Security for PKIX Policy 425 Qualifier Identifiers (1.3.6.1.5.5.7.2)" table with three columns: 427 Decimal Description References 428 ------- ------------------------------ --------------------- 429 1 id-qt-cps [RFC2459] 430 2 id-qt-unotice [RFC2459] 431 3 id-qt-textNotice Reserved and Obsolete 432 4 id-qt-acps [RFC4476] 433 5 id-qt-acunotice [RFC4476] 435 Future updates to this table require both Specification Required and 436 Expert Review as defined in [RFC5226]. 438 3.6. Add SMI Security for PKIX Extended Key Purpose Registry 440 Within the SMI-numbers registry, add a "SMI Security for PKIX 441 Extended Key Purpose Identifiers (1.3.6.1.5.5.7.3)" table with three 442 columns: 444 Decimal Description References 445 ------- ------------------------------ --------------------- 446 1 id-kp-serverAuth [RFC2459] 447 2 id-kp-clientAuth [RFC2459] 448 3 id-kp-codeSigning [RFC2459] 449 4 id-kp-emailProtection [RFC2459] 450 5 id-kp-ipsecEndSystem Reserved and Obsolete 451 6 id-kp-ipsecTunnel Reserved and Obsolete 452 7 id-kp-ipsecUser Reserved and Obsolete 453 8 id-kp-timeStamping [RFC2459] 454 9 id-kp-OCSPSigning [RFC2560] 455 10 id-kp-dvcs [RFC3029] 456 11 id-kp-sbgpCertAAServerAuth Reserved and Obsolete 457 12 id-kp-scvp-responder Reserved and Obsolete 458 13 id-kp-eapOverPPP [RFC4334] 459 14 id-kp-eapOverLAN [RFC4334] 460 15 id-kp-scvpServer [RFC5055] 461 16 id-kp-scvpClient [RFC5055] 462 17 id-kp-ipsecIKE [RFC4945] 463 18 id-kp-capwapAC [RFC5415] 464 19 id-kp-capwapWTP [RFC5415] 465 20 id-kp-sipDomain [RFC5924] 466 21 id-kp-secureShellClient [RFC6187] 467 22 id-kp-secureShellServer [RFC6187] 468 23 id-kp-sendRouter [RFC6494] 469 24 id-kp-sendProxy [RFC6494] 470 25 id-kp-sendOwner [RFC6494] 471 26 id-kp-sendProxiedOwner [RFC6494] 472 27 id-kp-cmcCA [RFC6402] 473 28 id-kp-cmcRA [RFC6402] 474 29 id-kp-cmcArchive [RFC6402] 475 30 id-kp-bgpsec-router [ID-BGPSEC] 477 Future updates to this table require both Specification Required and 478 Expert Review as defined in [RFC5226]. 480 3.7. Add SMI Security for PKIX CMP Information Types Registry 482 Within the SMI-numbers registry, add a "SMI Security for PKIX CMP 483 Information Types (1.3.6.1.5.5.7.4)" table with three columns: 485 Decimal Description References 486 ------- ------------------------------ --------------------- 487 1 id-it-caProtEncCert [RFC2510] 488 2 id-it-signKeyPairTypes [RFC2510] 489 3 id-it-encKeyPairTypes [RFC2510] 490 4 id-it-preferredSymmAlg [RFC2510] 491 5 id-it-caKeyUpdateInfo [RFC2510] 492 6 id-it-currentCRL [RFC2510] 493 7 id-it-unsupportedOIDs [RFC4210] 494 8 id-it-subscriptionRequest Reserved and Obsolete 495 9 id-it-subscriptionResponse Reserved and Obsolete 496 10 id-it-keyPairParamReq [RFC4210] 497 11 id-it-keyPairParamRep [RFC4210] 498 12 id-it-revPassphrase [RFC4210] 499 13 id-it-implicitConfirm [RFC4210] 500 14 id-it-confirmWaitTime [RFC4210] 501 15 id-it-origPKIMessage [RFC4210] 502 16 id-it-suppLangTags [RFC4210] 504 Future updates to this table require both Specification Required and 505 Expert Review as defined in [RFC5226]. 507 3.8. Add SMI Security for PKIX CRMF Registration Registry 509 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 510 Registration (1.3.6.1.5.5.7.5)" table with three columns: 512 Decimal Description References 513 ------- ------------------------------ --------------------- 514 1 id-regCtrl [RFC2511] 515 2 id-regInfo [RFC2511] 516 3 id-regEPEPSI [RFC4683] 518 Future updates to this table require both Specification Required and 519 Expert Review as defined in [RFC5226]. 521 3.9. Add SMI Security for PKIX CRMF Registration Controls Registry 523 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 524 Registration Controls (1.3.6.1.5.5.7.5.1)" table with three columns: 526 Decimal Description References 527 ------- ------------------------------ --------------------- 528 1 id-regCtrl-regToken [RFC2511] 529 2 id-regCtrl-authenticator [RFC2511] 530 3 id-regCtrl-pkiPublicationInfo [RFC2511] 531 4 id-regCtrl-pkiArchiveOptions [RFC2511] 532 5 id-regCtrl-oldCertID [RFC2511] 533 6 id-regCtrl-protocolEncrKey [RFC2511] 534 7 id-regCtrl-altCertTemplate [RFC4210] 535 8 id-regCtrl-wtlsTemplate Reserved and Obsolete 536 9 id-regCtrl-regTokenUTF8 Reserved and Obsolete 537 10 id-regCtrl-authenticatorUTF8 Reserved and Obsolete 539 Future updates to this table require both Specification Required and 540 Expert Review as defined in [RFC5226]. 542 3.10. Add SMI Security for PKIX CRMF Registration Information Registry 544 Within the SMI-numbers registry, add a "SMI Security for PKIX CRMF 545 Registration Information (1.3.6.1.5.5.7.5.2)" table with three 546 columns: 548 Decimal Description References 549 ------- ------------------------------ --------------------- 550 1 id-regInfo-utf8Pairs [RFC2511] 551 2 id-regInfo-certReq [RFC2511] 553 Future updates to this table require both Specification Required and 554 Expert Review as defined in [RFC5226]. 556 3.11. Add SMI Security for PKIX Algorithms Registry 558 Within the SMI-numbers registry, add a "SMI Security for PKIX 559 Algorithms (1.3.6.1.5.5.7.6)" table with three columns: 561 Decimal Description References 562 ------- ------------------------------ --------------------- 563 1 id-alg-des40 Reserved and Obsolete 564 2 id-alg-noSignature [RFC2797] 565 3 id-alg-dh-sig-hmac-sha1 [RFC2875] 566 4 id-alg-dhPop-sha1 [RFC2875] 567 5 id-alg-dhPop-sha224 [RFC6955] 568 6 id-alg-dhPop-sha256 [RFC6955] 569 7 id-alg-dhPop-sha384 [RFC6955] 570 8 id-alg-dhPop-sha512 [RFC6955] 571 15 id-alg-dhPop-static-sha224-hmac-sha224 [RFC6955] 572 16 id-alg-dhPop-static-sha256-hmac-sha256 [RFC6955] 573 17 id-alg-dhPop-static-sha384-hmac-sha384 [RFC6955] 574 18 id-alg-dhPop-static-sha512-hmac-sha512 [RFC6955] 575 25 id-alg-ecdhPop-static-sha224-hmac-sha224 [RFC6955] 576 26 id-alg-ecdhPop-static-sha256-hmac-sha256 [RFC6955] 577 27 id-alg-ecdhPop-static-sha384-hmac-sha384 [RFC6955] 578 28 id-alg-ecdhPop-static-sha512-hmac-sha512 [RFC6955] 580 Note: id-alg-dhPop-sha1 is also known as id-alg-dh-pop. 582 Note: id-alg-dh-sig-hmac-sha1 is also known as 583 id-alg-dhPop-static-sha1-hmac-sha1. 585 Future updates to this table require both Specification Required and 586 Expert Review as defined in [RFC5226]. 588 3.12. Add SMI Security for PKIX CMC Controls Registry 590 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 591 Controls (1.3.6.1.5.5.7.7)" table with three columns: 593 Decimal Description References 594 ------- ------------------------------ --------------------- 595 1 id-cmc-statusInfo [RFC2797] 596 2 id-cmc-identification [RFC2797] 597 3 id-cmc-identityProof [RFC2797] 598 4 id-cmc-dataReturn [RFC2797] 599 5 id-cmc-transactionId [RFC2797] 600 6 id-cmc-senderNonce [RFC2797] 601 7 id-cmc-recipientNonce [RFC2797] 602 8 id-cmc-addExtensions [RFC2797] 603 9 id-cmc-encryptedPOP [RFC2797] 604 10 id-cmc-decryptedPOP [RFC2797] 605 11 id-cmc-lraPOPWitness [RFC2797] 606 15 id-cmc-getCert [RFC2797] 607 16 id-cmc-getCRL [RFC2797] 608 17 id-cmc-revokeRequest [RFC2797] 609 18 id-cmc-regInfo [RFC2797] 610 19 id-cmc-responseInfo [RFC2797] 611 21 id-cmc-queryPending [RFC2797] 612 22 id-cmc-popLinkRandom [RFC2797] 613 23 id-cmc-popLinkWitness [RFC2797] 614 24 id-cmc-confirmCertAcceptance [RFC2797] 615 25 id-cmc-statusInfoV2 [RFC5272] 616 26 id-cmc-trustedAnchors [RFC5272] 617 27 id-cmc-authData [RFC5272] 618 28 id-cmc-batchRequests [RFC5272] 619 29 id-cmc-batchResponces [RFC5272] 620 30 id-cmc-publishCert [RFC5272] 621 31 id-cmc-modCertTemplate [RFC5272] 622 32 id-cmc-controlProcessed [RFC5272] 623 33 id-cmc-popLinkWitnessV2 [RFC5272] 624 34 id-cmc-identityProofV2 [RFC5272] 625 35 id-cmc-raIdentityWitness [RFC6402] 626 36 id-cmc-changeSubjectName [RFC6402] 627 37 id-cmc-responseBody [RFC6402] 628 99 id-cmc-glaRR [RFC5275] 630 Future updates to this table require both Specification Required and 631 Expert Review as defined in [RFC5226]. 633 3.13. Add SMI Security for PKIX CMC GLA Requests and Responses Registry 635 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC GLA 636 Requests and Responses (1.3.6.1.5.5.7.7.99)" table with three 637 columns: 639 Decimal Description References 640 ------- ------------------------------ --------------------- 641 1 id-cmc-gla-skdAlgRequest [RFC5275] 642 2 id-cmc-gla-skdAlgResponse [RFC5275] 644 Future updates to this table require both Specification Required and 645 Expert Review as defined in [RFC5226]. 647 3.14. Add SMI Security for PKIX Other Name Forms Registry 649 Within the SMI-numbers registry, add a "SMI Security for PKIX Other 650 Name Forms (1.3.6.1.5.5.7.8)" table with three columns: 652 Decimal Description References 653 ------- ------------------------------ --------------------- 654 1 id-on-personalData Reserved and Obsolete 655 2 id-on-userGroup Reserved and Obsolete 656 3 id-on-permanentIdentifier [RFC4043] 657 4 id-on-hardwareModuleName [RFC4108] 658 5 id-on-xmppAddr [RFC3920] 659 6 id-on-SIM [RFC4683] 660 7 id-on-dnsSRV [RFC4985] 662 Future updates to this table require both Specification Required and 663 Expert Review as defined in [RFC5226]. 665 3.15. Add SMI Security for PKIX Personal Data Attributes Registry 667 Within the SMI-numbers registry, add a "SMI Security for PKIX 668 Personal Data Attributes (1.3.6.1.5.5.7.9)" table with three columns: 670 Decimal Description References 671 ------- ------------------------------ --------------------- 672 1 id-pda-dateOfBirth [RFC3039] 673 2 id-pda-placeOfBirth [RFC3039] 674 3 id-pda-gender [RFC3039] 675 4 id-pda-countryOfCitizenship [RFC3039] 676 5 id-pda-countryOfResidence [RFC3039] 678 Future updates to this table require both Specification Required and 679 Expert Review as defined in [RFC5226]. 681 3.16. Add SMI Security for PKIX Attribute Certificate Attributes 682 Registry 684 Within the SMI-numbers registry, add a "SMI Security for PKIX 685 Attribute Certificate Attributes (1.3.6.1.5.5.7.10)" table with three 686 columns: 688 Decimal Description References 689 ------- ------------------------------ --------------------- 690 1 id-aca-authenticationInfo [RFC3281] 691 2 id-aca-accessIdentity [RFC3281] 692 3 id-aca-chargingIdentity [RFC3281] 693 4 id-aca-group [RFC3281] 694 5 id-aca-role Reserved and Obsolete 695 6 id-aca-encAttrs [RFC3281] 696 7 id-aca-wlanSSID [RFC4334] 698 Future updates to this table require both Specification Required and 699 Expert Review as defined in [RFC5226]. 701 3.17. Add SMI Security for PKIX Qualified Certificate Statements 702 Registry 704 Within the SMI-numbers registry, add a "SMI Security for PKIX 705 Qualified Certificate Statements (1.3.6.1.5.5.7.11)" table with three 706 columns: 708 Decimal Description References 709 ------- ------------------------------ --------------------- 710 1 id-qcs-pkixQCSyntax-v1 [RFC3039] 711 2 id-qcs-pkixQCSyntax-v2 [RFC3739] 713 Future updates to this table require both Specification Required and 714 Expert Review as defined in [RFC5226]. 716 3.18. Add SMI Security for PKIX CMC Content Types Registry 718 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 719 Content Types (1.3.6.1.5.5.7.12)" table with three columns: 721 Decimal Description References 722 ------- ------------------------------ --------------------- 723 1 id-cct-crs Reserved and Obsolete 724 2 id-cct-PKIData [RFC2797] 725 3 id-cct-PKIResponse [RFC2797] 727 Future updates to this table require both Specification Required and 728 Expert Review as defined in [RFC5226]. 730 3.19. Add SMI Security for PKIX OIDs used Only for Testing Registry 732 Within the SMI-numbers registry, add a "SMI Security for PKIX OIDs 733 used ONLY for TESTING (1.3.6.1.5.5.7.13)" table with three columns: 735 Decimal Description References 736 ------- ------------------------------ --------------------- 737 1 id-TEST-certPolicyOne [ID-Housley] 738 2 id-TEST-certPolicyTwo [ID-Housley] 739 3 id-TEST-certPolicyThree [ID-Housley] 740 4 id-TEST-certPolicyFour [ID-Housley] 741 5 id-TEST-certPolicyFive [ID-Housley] 742 6 id-TEST-certPolicySix [ID-Housley] 743 7 id-TEST-certPolicySeven [ID-Housley] 744 8 id-TEST-certPolicyEight [ID-Housley] 746 Note: The object identifiers in this table should not appear on the 747 public Internet. These object identifiers are ONLY for 748 TESTING. 750 Future updates to this table require both Specification Required and 751 Expert Review as defined in [RFC5226]. 753 3.20. Add SMI Security for PKIX Certificate Policies Registry 755 Within the SMI-numbers registry, add a "SMI Security for PKIX 756 Certificate Policies (1.3.6.1.5.5.7.14)" table with three columns: 758 Decimal Description References 759 ------- ------------------------------ --------------------- 760 1 id-cp-sbgpCertificatePolicy Reserved and Obsolete 761 2 id-cp-ipAddr-asNumber [RFC6484] 763 Future updates to this table require both Specification Required and 764 Expert Review as defined in [RFC5226]. 766 3.21. Add SMI Security for PKIX CMC Error Types Registry 768 Within the SMI-numbers registry, add a "SMI Security for PKIX CMC 769 Error Types (1.3.6.1.5.5.7.15)" table with three columns: 771 Decimal Description References 772 ------- ------------------------------ --------------------- 773 1 id-cet-skdFailInfo [RFC5275] 775 Future updates to this table require both Specification Required and 776 Expert Review as defined in [RFC5226]. 778 3.22. Add SMI Security for PKIX Revocation Information Types Registry 780 Within the SMI-numbers registry, add a "SMI Security for PKIX 781 Revocation Information Types (1.3.6.1.5.5.7.16)" table with three 782 columns: 784 Decimal Description References 785 ------- ------------------------------ --------------------- 786 1 id-ri-crl [RFC5940] 787 2 id-ri-ocsp-response [RFC5940] 788 3 id-ri-delta-crl [RFC5940] 789 4 id-ri-scvp [RFC5940] 791 Future updates to this table require both Specification Required and 792 Expert Review as defined in [RFC5226]. 794 3.23. Add SMI Security for PKIX SCVP Check Types Registry 796 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 797 Check Types (1.3.6.1.5.5.7.17)" table with three columns: 799 Decimal Description References 800 ------- ------------------------------ --------------------- 801 1 id-stc-build-pkc-path [RFC5055] 802 2 id-stc-build-valid-pkc-path [RFC5055] 803 3 id-stc-build-status-checked-pkc-path [RFC5055] 804 4 id-stc-build-aa-path [RFC5055] 805 5 id-stc-build-valid-aa-path [RFC5055] 806 6 id-stc-build-status-checked-aa-path [RFC5055] 807 7 id-stc-status-check-ac-and-build-status-checked-aa-path 808 [RFC5055] 810 Future updates to this table require both Specification Required and 811 Expert Review as defined in [RFC5226]. 813 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry 815 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 816 Want Back Types (1.3.6.1.5.5.7.18)" table with three columns: 818 Decimal Description References 819 ------- ------------------------------ --------------------- 820 1 id-swb-pkc-cert-path [RFC5055] 821 2 id-swb-pkc-revocation-info [RFC5055] 822 3 id-swb-pkc-cert-status Reserved and Obsolete 823 4 id-swb-pkc-public-key-info [RFC5055] 824 5 id-swb-aa-cert-path [RFC5055] 825 6 id-swb-aa-revocation-info [RFC5055] 826 7 id-swb-ac-revocation-info [RFC5055] 827 8 id-swb-ac-cert-status Reserved and Obsolete 828 9 id-swb-relayed-responses [RFC5055] 829 10 id-swb-pkc-cert [RFC5055] 830 11 id-swb-ac-cert [RFC5055] 831 12 id-swb-pkc-all-cert-paths [RFC5055] 832 13 id-swb-pkc-ee-revocation-info [RFC5055] 833 14 id-swb-pkc-ca-revocation-info [RFC5055] 834 15 id-swb-partial-cert-path [RFC5276] 835 16 id-swb-ers-pkc-cert [RFC5276] 836 17 id-swb-ers-best-cert-path [RFC5276] 837 18 id-swb-ers-partial-cert-path [RFC5276] 838 19 id-swb-ers-revocation-info [RFC5276] 839 20 id-swb-ers-all [RFC5276] 841 Future updates to this table require both Specification Required and 842 Expert Review as defined in [RFC5226]. 844 3.25. Add SMI Security for PKIX SCVP Validation Policies and Algorithms 845 Registry 847 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 848 Validation Policies and Algorithms (1.3.6.1.5.5.7.19)" table with 849 three columns: 851 Decimal Description References 852 ------- ------------------------------ --------------------- 853 1 id-svp-defaultValPolicy [RFC5055] 854 2 id-svp-nameValAlg [RFC5055] 855 3 id-svp-basicValAlg [RFC5055] 856 4 id-svp-dnValAlg [RFC5055] 858 Note: id-svp-nameValAlg is also known as id-nvae. 860 Note: id-svp-basicValAlg is also known as id-bvae. 862 Note: id-svp-dnValAlg is also known as id-dnvae. 864 Future updates to this table require both Specification Required and 865 Expert Review as defined in [RFC5226]. 867 3.26. Add SMI Security for PKIX SCVP Name Validation Policy Errors 868 Registry 870 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 871 Name Validation Policy Errors (1.3.6.1.5.5.7.19.2)" table with three 872 columns: 874 Decimal Description References 875 ------- ------------------------------ --------------------- 876 1 id-nvae-nameMismatch [RFC5055] 877 2 id-nvae-noCertName [RFC5055] 878 3 id-nvae-unknownPupose [RFC5055] 879 4 id-nvae-badName [RFC5055] 880 5 id-nvae-badNameType [RFC5055] 881 6 id-nvae-mixedNames [RFC5055] 883 Future updates to this table require both Specification Required and 884 Expert Review as defined in [RFC5226]. 886 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy Errors 887 Registry 889 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 890 Basic Validation Policy Errors (1.3.6.1.5.5.7.19.3)" table with three 891 columns: 893 Decimal Description References 894 ------- ------------------------------ --------------------- 895 1 id-bvae-expired [RFC5055] 896 2 id-bvae-notYetValid [RFC5055] 897 3 id-bvae-wrongTrustAnchor [RFC5055] 898 4 id-bvae-noValidCertPath [RFC5055] 899 5 id-bvae-revoked [RFC5055] 900 9 id-bvae-invalidKeyPurpose [RFC5055] 901 10 id-bvae-invalidKeyUsage [RFC5055] 902 11 id-bvae-invalidCertPolicy [RFC5055] 903 12 id-bvae-invalidName Reserved and Obsolete 904 13 id-bvae-invalidEntity Reserved and Obsolete 905 14 id-bvae-invalidPathDepth Reserved and Obsolete 907 Future updates to this table require both Specification Required and 908 Expert Review as defined in [RFC5226]. 910 3.28. Add SMI Security for PKIX SCVP Distinguished Name Validation 911 Policy Errors Registry 913 Within the SMI-numbers registry, add a "SMI Security for PKIX SCVP 914 Distinguished Name Validation Policy Errors (1.3.6.1.5.5.7.19.4)" 915 table with three columns: 917 Decimal Description References 918 ------- ------------------------------ --------------------- 920 Note: This table is currently empty. 922 Future updates to this table require both Specification Required and 923 Expert Review as defined in [RFC5226]. 925 3.29. Add SMI Security for PKIX Other Logotype Identifiers Registry 927 Within the SMI-numbers registry, add a "SMI Security for PKIX Other 928 Logotype Identifiers (1.3.6.1.5.5.7.20)" table with three columns: 930 Decimal Description References 931 ------- ------------------------------ --------------------- 932 1 id-logo-loyalty [RFC3709] 933 2 id-logo-background [RFC3709] 934 3 id-logo-certImage [RFC6170] 936 Future updates to this table require both Specification Required and 937 Expert Review as defined in [RFC5226]. 939 3.30. Add SMI Security for PKIX Proxy Certificate Policy Languages 940 Registry 942 Within the SMI-numbers registry, add a "SMI Security for PKIX Proxy 943 Certificate Policy Languages (1.3.6.1.5.5.7.21)" table with three 944 columns: 946 Decimal Description References 947 ------- ------------------------------ --------------------- 948 1 id-ppl-anyLanguage [RFC3820] 949 2 id-ppl-inheritAll [RFC3820] 950 3 id-ppl-independent [RFC3820] 952 Future updates to this table require both Specification Required and 953 Expert Review as defined in [RFC5226]. 955 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry 957 Within the SMI-numbers registry, add a "SMI Security for PKIX 958 Matching Rules (1.3.6.1.5.5.7.22)" table with three columns: 960 Decimal Description References 961 ------- ------------------------------ --------------------- 962 1 id-mr-pkix-alphanum-ids [RFC2985] 964 Future updates to this table require both Specification Required and 965 Expert Review as defined in [RFC5226]. 967 3.32. Add SMI Security for PKIX Subject Key Identifier Semantics 968 Registry 970 Within the SMI-numbers registry, add a "SMI Security for PKIX Subject 971 Key Identifier Semantics (1.3.6.1.5.5.7.23)" table with three 972 columns: 974 Decimal Description References 975 ------- ------------------------------ --------------------- 976 1 id-skis-keyHash Reserved and Obsolete 977 2 id-skis-4BitKeyHash Reserved and Obsolete 978 3 id-skis-keyInfoHash Reserved and Obsolete 980 Future updates to this table require both Specification Required and 981 Expert Review as defined in [RFC5226]. 983 3.33. Add SMI Security for PKIX Access Descriptor Registry 985 Within the SMI-numbers registry, add a "SMI Security for PKIX Access 986 Descriptors for the Authority Information Access Extension 987 (1.3.6.1.5.5.7.48)" table with three columns: 989 Decimal Description References 990 ------- ------------------------------ --------------------- 991 1 id-ad-ocsp [RFC2459] 992 2 id-ad-caIssuers [RFC2459] 993 3 id-ad-timestamping [RFC3161] 994 4 id-ad-dvcs [RFC3029] 995 5 id-ad-caRepository [RFC3280] 996 6 id-ad-http-certs [RFC4387] 997 7 id-ad-http-crls [RFC4387] 998 8 id-ad-xkms Reserved and Obsolete 999 9 id-ad-signedObjectRepository Reserved and Obsolete 1000 10 id-ad-rpkiManifest [RFC6487] 1001 11 id-ad-signedObject [RFC6487] 1002 12 id-ad-cmc [RFC6402] 1004 Note: id-ad-ocsp is also known as id-pkix-ocsp. 1006 Future updates to this table require both Specification Required and 1007 Expert Review as defined in [RFC5226]. 1009 3.34. Add SMI Security for PKIX OCSP Registry 1011 Within the SMI-numbers registry, add a "SMI Security for PKIX Online 1012 Certificate Status Protocol (OCSP) (1.3.6.1.5.5.7.48.1)" table with 1013 three columns: 1015 Decimal Description References 1016 ------- ------------------------------ --------------------- 1017 1 id-pkix-ocsp-basic [RFC2560] 1018 2 id-pkix-ocsp-nonce [RFC2560] 1019 3 id-pkix-ocsp-crl [RFC2560] 1020 4 id-pkix-ocsp-response [RFC2560] 1021 5 id-pkix-ocsp-nocheck [RFC2560] 1022 6 id-pkix-ocsp-archive-cutoff [RFC2560] 1023 7 id-pkix-ocsp-service-locator [RFC2560] 1024 8 id-pkix-ocsp-pref-sig-algs [RFC6277] 1025 9 id-pkix-ocsp-extended-revoke [RFC6960] 1027 Future updates to this table require both Specification Required and 1028 Expert Review as defined in [RFC5226]. 1030 4. Security Considerations 1032 This document populates an IANA registry, and it raises no new 1033 security considerations. The protocols that specify these values 1034 include the security considerations associated with their usage. 1036 5. References 1038 5.1. Normative References 1040 [ASN1-88] International Telephone and Telegraph Consultative 1041 Committee, "Specification of Abstract Syntax Notation One 1042 (ASN.1)", CCITT Recommendation X.208, 1988. 1044 [ASN1-97] International Telecommunications Union, "Abstract Syntax 1045 Notation One (ASN.1): Specification of basic notation", 1046 ITU-T Recommendation X.680, 1997. 1048 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1049 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1050 May 2008. 1052 5.2. Informative References 1054 [Err3860] Errata for RFC 6402. 1055 [http://www.rfc-editor.org/errata_search.php?eid=3860] 1057 [ID-Abley] Abley, J., J. Schlyter, and G. Bailey, "DNSSEC Trust 1058 Anchor Publication for the Root Zone", Work in Progress, 1059 December 2013. 1060 [draft-jabley-dnssec-trust-anchor-08] 1062 [ID-BGPSEC] Reynolds, M., S. Turner, and S. Kent, "A Profile for 1063 BGPSEC Router Certificates, Certificate Revocation Lists, 1064 and Certification Requests", Work in Progress, September 1065 2013. 1066 [draft-ietf-sidr-bgpsec-pki-profiles-06] 1068 [ID-Housley] Housley, R., "Object Identifiers for Test Certificate 1069 Policies", Work in Progress, January 2014. 1070 [draft-housley-pkix-test-oids-00] 1072 [RFC2459] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet 1073 X.509 Public Key Infrastructure Certificate and CRL 1074 Profile", RFC 2459, January 1999. 1076 [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key 1077 Infrastructure Certificate Management Protocols", 1078 RFC 2510, March 1999. 1080 [RFC2511] Myers, M., Adams, C., Solo, D., and D. Kemp, "Internet 1081 X.509 Certificate Request Message Format", RFC 2511, March 1082 1999. 1084 [RFC2528] Housley, R. and W. Polk, "Internet X.509 Public Key 1085 Infrastructure Representation of Key Exchange Algorithm 1086 (KEA) Keys in Internet X.509 Public Key Infrastructure 1087 Certificates", RFC 2528, March 1999. 1089 [RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. 1090 Adams, "X.509 Internet Public Key Infrastructure Online 1091 Certificate Status Protocol - OCSP", RFC 2560, June 1999. 1093 [RFC2797] Myers, M., Liu, X., Schaad, J., and J. Weinstein, 1094 "Certificate Management Messages over CMS", RFC 2797, 1095 April 2000. 1097 [RFC2875] Prafullchandra, H. and J. Schaad, "Diffie-Hellman Proof- 1098 of-Possession Algorithms", RFC 2875, July 2000. 1100 [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object 1101 Classes and Attribute Types Version 2.0", RFC 2985, 1102 November 2000. 1104 [RFC3029] Adams, C., Sylvester, P., Zolotarev, M., and R. 1105 Zuccherato, "Internet X.509 Public Key Infrastructure Data 1106 Validation and Certification Server Protocols", RFC 3029, 1107 February 2001. 1109 [RFC3039] Santesson, S., Polk, W., Barzin, P., and M. Nystrom, 1110 "Internet X.509 Public Key Infrastructure Qualified 1111 Certificates Profile", RFC 3039, January 2001. 1113 [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, 1114 "Internet X.509 Public Key Infrastructure Time-Stamp 1115 Protocol (TSP)", RFC 3161, August 2001. 1117 [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and 1118 Identifiers for the Internet X.509 Public Key 1119 Infrastructure Certificate and Certificate Revocation List 1120 (CRL) Profile", RFC 3279, April 2002. 1122 [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet 1123 X.509 Public Key Infrastructure Certificate and 1124 Certificate Revocation List (CRL) Profile", RFC 3280, 1125 April 2002. 1127 [RFC3281] Farrell, S. and R. Housley, "An Internet Attribute 1128 Certificate Profile for Authorization", RFC 3281, April 1129 2002. 1131 [RFC3709] Santesson, S., Housley, R., and T. Freeman, "Internet 1132 X.509 Public Key Infrastructure: Logotypes in X.509 1133 Certificates", RFC 3709, February 2004. 1135 [RFC3739] Santesson, S., Nystrom, M., and T. Polk, "Internet X.509 1136 Public Key Infrastructure: Qualified Certificates 1137 Profile", RFC 3739, March 2004. 1139 [RFC3770] Housley, R. and T. Moore, "Certificate Extensions and 1140 Attributes Supporting Authentication in Point-to-Point 1141 Protocol (PPP) and Wireless Local Area Networks (WLAN)", 1142 RFC 3770, May 2004. 1144 [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP 1145 Addresses and AS Identifiers", RFC 3779, June 2004. 1147 [RFC3820] Tuecke, S., Welch, V., Engert, D., Pearlman, L., and M. 1148 Thompson, "Internet X.509 Public Key Infrastructure (PKI) 1149 Proxy Certificate Profile", RFC 3820, June 2004. 1151 [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence 1152 Protocol (XMPP): Core", RFC 3920, October 2004. 1154 [RFC4043] Pinkas, D. and T. Gindin, "Internet X.509 Public Key 1155 Infrastructure Permanent Identifier", RFC 4043, May 2005. 1157 [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional 1158 Algorithms and Identifiers for RSA Cryptography for use in 1159 the Internet X.509 Public Key Infrastructure Certificate 1160 and Certificate Revocation List (CRL) Profile", RFC 4055, 1161 June 2005. 1163 [RFC4059] Linsenbardt, D., Pontius, S., and A. Sturgeon, "Internet 1164 X.509 Public Key Infrastructure Warranty Certificate 1165 Extension", RFC 4059, May 2005. 1167 [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to 1168 Protect Firmware Packages", RFC 4108, August 2005. 1170 [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, 1171 "Internet X.509 Public Key Infrastructure Certificate 1172 Management Protocol (CMP)", RFC 4210, September 2005. 1174 [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) 1175 Protocol", RFC 4306, December 2005. 1177 [RFC4334] Housley, R. and T. Moore, "Certificate Extensions and 1178 Attributes Supporting Authentication in Point-to-Point 1179 Protocol (PPP) and Wireless Local Area Networks (WLAN)", 1180 RFC 4334, February 2006. 1182 [RFC4387] Gutmann, P., Ed., "Internet X.509 Public Key 1183 Infrastructure Operational Protocols: Certificate Store 1184 Access via HTTP", RFC 4387, February 2006. 1186 [RFC4476] Francis, C. and D. Pinkas, "Attribute Certificate (AC) 1187 Policies Extension", RFC 4476, May 2006. 1189 [RFC4683] Park, J., Lee, J., . Lee, H., Park, S., and T. Polk, 1190 "Internet X.509 Public Key Infrastructure Subject 1191 Identification Method (SIM)", RFC 4683, October 2006. 1193 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1194 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1196 [RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure 1197 Subject Alternative Name for Expression of Service Name", 1198 RFC 4985, August 2007. 1200 [RFC5055] Freeman, T., Housley, R., Malpani, A., Cooper, D., and W. 1201 Polk, "Server-Based Certificate Validation Protocol 1202 (SCVP)", RFC 5055, December 2007. 1204 [RFC5272] Schaad, J. and M. Myers, "Certificate Management over CMS 1205 (CMC)", RFC 5272, June 2008. 1207 [RFC5275] Turner, S., "CMS Symmetric Key Management and 1208 Distribution", RFC 5275, June 2008. 1210 [RFC5276] Wallace, C., "Using the Server-Based Certificate 1211 Validation Protocol (SCVP) to Convey Long-Term Evidence 1212 Records", RFC 5276, August 2008. 1214 [RFC5415] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley, 1215 Ed., "Control And Provisioning of Wireless Access Points 1216 (CAPWAP) Protocol Specification", RFC 5415, March 2009. 1218 [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, 1219 "Elliptic Curve Cryptography Subject Public Key 1220 Information", RFC 5480, March 2009. 1222 [RFC5697] Farrell, S., "Other Certificates Extension", RFC 5697, 1223 November 2009. 1225 [RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet 1226 Attribute Certificate Profile for Authorization", 1227 RFC 5755, January 2010. 1229 [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the 1230 Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, 1231 June 2010. 1233 [RFC5913] Turner, S. and S. Chokhani, "Clearance Attribute and 1234 Authority Clearance Constraints Certificate Extension", 1235 RFC 5913, June 2010. 1237 [RFC5915] Turner, S. and D. Brown, "Elliptic Curve Private Key 1238 Structure", RFC 5915, June 2010. 1240 [RFC5924] Lawrence, S. and V. Gurbani, "Extended Key Usage (EKU) for 1241 Session Initiation Protocol (SIP) X.509 Certificates", 1242 RFC 5924, June 2010. 1244 [RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor 1245 Management Protocol (TAMP)", RFC 5934, August 2010. 1247 [RFC5940] Turner, S. and R. Housley, "Additional Cryptographic 1248 Message Syntax (CMS) Revocation Information Choices", 1249 RFC 5940, August 2010. 1251 [RFC6010] Housley, R., Ashmore, S., and C. Wallace, "Cryptographic 1252 Message Syntax (CMS) Content Constraints Extension", 1253 RFC 6010, September 2010. 1255 [RFC6170] Santesson, S., Housley, R., Bajaj, S., and L. Rosenthol, 1256 "Internet X.509 Public Key Infrastructure -- Certificate 1257 Image", RFC 6170, May 2011. 1259 [RFC6187] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure 1260 Shell Authentication", RFC 6187, March 2011. 1262 [RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules 1263 for the Cryptographic Message Syntax (CMS) and the Public 1264 Key Infrastructure Using X.509 (PKIX)", RFC 6268, July 1265 2011. 1267 [RFC6277] Santesson, S. and P. Hallam-Baker, "Online Certificate 1268 Status Protocol Algorithm Agility", RFC 6277, June 2011. 1270 [RFC6402] Schaad, J., "Certificate Management over CMS (CMC) 1271 Updates", RFC 6402, November 2011. 1273 [RFC6484] Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate 1274 Policy (CP) for the Resource Public Key Infrastructure 1275 (RPKI)", BCP 173, RFC 6484, February 2012. 1277 [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for 1278 X.509 PKIX Resource Certificates", RFC 6487, February 1279 2012. 1281 [RFC6494] Gagliano, R., Krishnan, S., and A. Kukec, "Certificate 1282 Profile and Certificate Management for SEcure Neighbor 1283 Discovery (SEND)", RFC 6494, February 2012. 1285 [RFC6664] Schaad, J., "S/MIME Capabilities for Public Key 1286 Definitions", RFC 6664, July 2012. 1288 [RFC6955] Schaad, J. and H. Prafullchandra, "Diffie-Hellman Proof- 1289 of-Possession Algorithms", RFC 6955, May 2013. 1291 [RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A., 1292 Galperin, S., and C. Adams, "X.509 Internet Public Key 1293 Infrastructure Online Certificate Status Protocol - OCSP", 1294 RFC 6960, June 2013. 1296 [RFC7169] Turner, S., "The NSA (No Secrecy Afforded) Certificate 1297 Extension", RFC 7169, 1 April 2014. 1299 Acknowledgements 1301 Many thanks to David Cooper, Jim Schaad, and Sean Turner for their 1302 careful review and comments. 1304 Author's Address 1306 Russ Housley 1307 918 Spring Knoll Drive 1308 Herndon, VA 20170 1309 USA 1310 EMail: housley@vigilsec.com