INTERNET-DRAFT                                                R. Housley
Intended Status: Informational                            Vigil Security
Expires: 11 July 2014                                     7 January 2014

            Object Identifiers for Test Certificate Policies
                    draft-housley-pkix-test-oids-00

Abstract

   This document provides several certificate policy identifiers for
   testing certificate handling software.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.
   Note that other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright and License Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   This document provides several certificate policy identifiers for
   testing certificate handling software.  These certificate policy
   identifiers are not intended for use in the public Internet.

   The certificate policy identifiers provided in this document are
   consistent with the certificate profile specified in [RFC5280], and
   they are appropriate for testing the certificate policy processing,
   especially the handling of the certificate policy extension, the
   policy constraints extension, and the policy mapping extension.

2.  Certificate Policy Identifiers for Testing

   The following certificate policy identifiers are provided for testing
   certificate handling software.
   ASN.1 [ASN1-88][ASN1-97] object identifiers are used to name
   certificate policies.

      id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
         dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

      id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 }

      -- Object Identifiers used ONLY for TESTING
      id-TEST-certPolicyOne    OBJECT IDENTIFIER ::= { id-TEST 1 }
      id-TEST-certPolicyTwo    OBJECT IDENTIFIER ::= { id-TEST 2 }
      id-TEST-certPolicyThree  OBJECT IDENTIFIER ::= { id-TEST 3 }
      id-TEST-certPolicyFour   OBJECT IDENTIFIER ::= { id-TEST 4 }
      id-TEST-certPolicyFive   OBJECT IDENTIFIER ::= { id-TEST 5 }
      id-TEST-certPolicySix    OBJECT IDENTIFIER ::= { id-TEST 6 }
      id-TEST-certPolicySeven  OBJECT IDENTIFIER ::= { id-TEST 7 }
      id-TEST-certPolicyEight  OBJECT IDENTIFIER ::= { id-TEST 8 }

3.  Security Considerations

   This specification does not identify particular certificate policies
   for use in the Internet public key infrastructure.  The actual
   policies used for production certificates have a significant impact
   on the confidence that one can place in the certificate.  No
   confidence should be placed in any certificate that makes use of
   these certificate policy identifiers since they are intended only for
   testing.

4.  IANA Considerations

   The object identifiers used in this document are defined in an arc
   delegated by IANA to the PKIX Working Group.  No further action by
   IANA is necessary for this document or any anticipated updates.

5.  Normative References

   [ASN1-88] International Telephone and Telegraph Consultative
             Committee, "Specification of Abstract Syntax Notation One
             (ASN.1)", CCITT Recommendation X.208, 1988.

   [ASN1-97] International Telecommunications Union, "Abstract Syntax
             Notation One (ASN.1): Specification of basic notation",
             ITU-T Recommendation X.680, 1997.

   [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
             Housley, R., and W.
             Polk, "Internet X.509 Public Key Infrastructure
             Certificate and Certificate Revocation List (CRL) Profile",
             RFC 5280, May 2008.

Appendix: ASN.1 Module

   This appendix provides the certificate policy identifiers (object
   identifiers) in an ASN.1 module.  No fancy structures are needed, so
   this module is compatible with [ASN1-88] and [ASN1-97].

   PKIXTestCertPolicies { iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-TEST-certPolicies(83) }

   DEFINITIONS IMPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL --
   -- IMPORTS NONE --

   id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
      dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

   id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 }

   -- Object Identifiers used ONLY for TESTING
   id-TEST-certPolicyOne    OBJECT IDENTIFIER ::= { id-TEST 1 }
   id-TEST-certPolicyTwo    OBJECT IDENTIFIER ::= { id-TEST 2 }
   id-TEST-certPolicyThree  OBJECT IDENTIFIER ::= { id-TEST 3 }
   id-TEST-certPolicyFour   OBJECT IDENTIFIER ::= { id-TEST 4 }
   id-TEST-certPolicyFive   OBJECT IDENTIFIER ::= { id-TEST 5 }
   id-TEST-certPolicySix    OBJECT IDENTIFIER ::= { id-TEST 6 }
   id-TEST-certPolicySeven  OBJECT IDENTIFIER ::= { id-TEST 7 }
   id-TEST-certPolicyEight  OBJECT IDENTIFIER ::= { id-TEST 8 }

   END

Author's Address

   Russell Housley
   Vigil Security, LLC
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA
   EMail: housley@vigilsec.com
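
Added example (not part of the draft): Section 3 says no confidence
should be placed in a certificate that uses these identifiers, so a
production validator can check a DER-encoded certificatePolicies value
for any OID under the id-TEST arc.  The function names and sample byte
strings are constructed for illustration; the PolicyInformation layout
and the anyPolicy OID are those of [RFC5280].

```python
# Added example, not from the draft; standard library only.
ID_TEST = (1, 3, 6, 1, 5, 5, 7, 13)          # { id-pkix 13 }, Section 2

def decode_oid(content):
    """Decode the content octets of a DER OBJECT IDENTIFIER into arcs."""
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)  # base-128, high bit = "more"
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)             # first octet packs two arcs
    return (first, arcs[0] - 40 * first) + tuple(arcs[1:])

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def policy_oids(ext_value):
    """List policyIdentifier OIDs in a DER certificatePolicies value."""
    tag, seq, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(seq):
        item_tag, info, pos = read_tlv(seq, pos)   # PolicyInformation
        oid_tag, oid, _ = read_tlv(info, 0)        # policyIdentifier
        if item_tag != 0x30 or oid_tag != 0x06 or not oid:
            raise ValueError("malformed PolicyInformation")
        found.append(decode_oid(oid))
    return found

def id_test_policies(ext_value):
    """Dotted OIDs under the id-TEST arc; non-empty means do not trust."""
    return [".".join(map(str, o)) for o in policy_oids(ext_value)
            if o[:len(ID_TEST)] == ID_TEST]

# Constructed sample: id-TEST-certPolicyOne plus anyPolicy (2.5.29.32.0).
SAMPLE = bytes.fromhex("3014" "300a06082b06010505070d01" "30060604551d2000")
# Constructed sample asserting only anyPolicy.
CLEAN = bytes.fromhex("3008" "30060604551d2000")
```

Matching on the arc prefix rather than on the eight listed values also
catches any identifier later assigned under id-TEST.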