| < draft-housley-pkix-oids-00.txt | draft-housley-pkix-oids-01.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT R. Housley | INTERNET-DRAFT R. Housley | |||
| Intended Status: Informational Vigil Security | Intended Status: Informational Vigil Security | |||
| Expires: 30 July 2014 26 January 2014 | Expires: 3 August 2014 3 February 2014 | |||
| Object Identifier Registry for the PKIX Working Group | Object Identifier Registry for the PKIX Working Group | |||
| <draft-housley-pkix-oids-00.txt> | <draft-housley-pkix-oids-01.txt> | |||
| Abstract | Abstract | |||
| When the Public-Key Infrastructure using X.509 (PKIX) Working Group | When the Public-Key Infrastructure using X.509 (PKIX) Working Group | |||
| was chartered, an object identifier arc was was allocated by IANA for | was chartered, an object identifier arc was was allocated by IANA for | |||
| use by that working group. This document describes the object | use by that working group. This document describes the object | |||
| identifiers that were assigned in that arc, it returns control of | identifiers that were assigned in that arc, it returns control of | |||
| that arc to IANA, and it establishes IANA allocation policies for any | that arc to IANA, and it establishes IANA allocation policies for any | |||
| future assignments within that arc. | future assignments within that arc. | |||
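Review bot: The Abstract still reads "an object identifier arc was was allocated by IANA" in -01, and the same doubled word appears in the first sentence of Section 1. Drop the second "was" in both places in the next revision.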
| skipping to change at page 2, line 21 ¶ | skipping to change at page 2, line 21 ¶ | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Subordinate Object Identifier Arcs . . . . . . . . . . . . . . 4 | 2. Subordinate Object Identifier Arcs . . . . . . . . . . . . . . 4 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.1. Update to SMI Security for Mechanism Codes Registry . . . 6 | 3.1. Update to SMI Security for Mechanism Codes Registry . . . 6 | |||
| 3.2. Add SMI Security for PKIX Registry . . . . . . . . . . . . 6 | 3.2. Add SMI Security for PKIX Registry . . . . . . . . . . . . 7 | |||
| 3.3. Add SMI Security for PKIX Module Identifier Registry . . . 7 | 3.3. Add SMI Security for PKIX Module Identifier Registry . . . 7 | |||
| 3.4. Add SMI Security for PKIX Certificate Extension Registry . 9 | 3.4. Add SMI Security for PKIX Certificate Extension Registry . 9 | |||
| 3.5. Add SMI Security for PKIX Policy Qualifier Registry . . . 10 | 3.5. Add SMI Security for PKIX Policy Qualifier Registry . . . 10 | |||
| 3.6. Add SMI Security for PKIX Extended Key Purpose Registry . 10 | 3.6. Add SMI Security for PKIX Extended Key Purpose Registry . 10 | |||
| 3.7. Add SMI Security for PKIX CMP Information Types Registry . 11 | 3.7. Add SMI Security for PKIX CMP Information Types Registry . 11 | |||
| 3.8. Add SMI Security for PKIX CRMF Registration Registry . . . 12 | 3.8. Add SMI Security for PKIX CRMF Registration Registry . . . 12 | |||
| 3.9. Add SMI Security for PKIX CRMF Registration Controls | 3.9. Add SMI Security for PKIX CRMF Registration Controls | |||
| Registry . . . . . . . . . . . . . . . . . . . . . . . . . 12 | Registry . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 3.10. Add SMI Security for PKIX CRMF Registration Information | 3.10. Add SMI Security for PKIX CRMF Registration Information | |||
| Registry . . . . . . . . . . . . . . . . . . . . . . . . 12 | Registry . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 3.11. Add SMI Security for PKIX Algorithms Registry . . . . . . 13 | 3.11. Add SMI Security for PKIX Algorithms Registry . . . . . . 13 | |||
| 3.12. Add SMI Security for PKIX CMC Controls Registry . . . . . 13 | 3.12. Add SMI Security for PKIX CMC Controls Registry . . . . . 14 | |||
| 3.13. Add SMI Security for PKIX CMC GLA Requests and | 3.13. Add SMI Security for PKIX CMC GLA Requests and | |||
| Responses Registry . . . . . . . . . . . . . . . . . . . 14 | Responses Registry . . . . . . . . . . . . . . . . . . . 15 | |||
| 3.14. Add SMI Security for PKIX Other Name Forms Registry . . . 15 | 3.14. Add SMI Security for PKIX Other Name Forms Registry . . . 15 | |||
| 3.15. Add SMI Security for PKIX Personal Data Attributes | 3.15. Add SMI Security for PKIX Personal Data Attributes | |||
| Registry . . . . . . . . . . . . . . . . . . . . . . . . 15 | Registry . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 3.16. Add SMI Security for PKIX Attribute Certificate | 3.16. Add SMI Security for PKIX Attribute Certificate | |||
| Attributes Registry . . . . . . . . . . . . . . . . . . . 15 | Attributes Registry . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.17. Add SMI Security for PKIX Qualified Certificate | 3.17. Add SMI Security for PKIX Qualified Certificate | |||
| Statements Registry . . . . . . . . . . . . . . . . . . . 16 | Statements Registry . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.18. Add SMI Security for PKIX CMC Content Types Registry . . 16 | 3.18. Add SMI Security for PKIX CMC Content Types Registry . . 16 | |||
| 3.19. Add SMI Security for PKIX OIDs used Only for Testing | 3.19. Add SMI Security for PKIX OIDs used Only for Testing | |||
| Registry . . . . . . . . . . . . . . . . . . . . . . . . 16 | Registry . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 3.20. Add SMI Security for PKIX Certificate Policies Registry . 17 | 3.20. Add SMI Security for PKIX Certificate Policies Registry . 17 | |||
| 3.21. Add SMI Security for PKIX CMC Error Types Registry . . . 17 | 3.21. Add SMI Security for PKIX CMC Error Types Registry . . . 17 | |||
| 3.22. Add SMI Security for PKIX Revocation Information Types | 3.22. Add SMI Security for PKIX Revocation Information Types | |||
| Registry . . . . . . . . . . . . . . . . . . . . . . . . 17 | Registry . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 3.23. Add SMI Security for PKIX SCVP Check Types Registry . . . 18 | 3.23. Add SMI Security for PKIX SCVP Check Types Registry . . . 18 | |||
| 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry . 18 | 3.24. Add SMI Security for PKIX SCVP Want Back Types Registry . 18 | |||
| 3.25. Add SMI Security for PKIX SCVP Validation Policies and | 3.25. Add SMI Security for PKIX SCVP Validation Policies and | |||
| Algorithms Registry . . . . . . . . . . . . . . . . . . . 19 | Algorithms Registry . . . . . . . . . . . . . . . . . . . 19 | |||
| 3.26. Add SMI Security for PKIX SCVP Name Validation Policy | 3.26. Add SMI Security for PKIX SCVP Name Validation Policy | |||
| Errors Registry . . . . . . . . . . . . . . . . . . . . . 19 | Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 3.26. Add SMI Security for PKIX SCVP Name Validation Policy | ||||
| Errors Registry . . . . . . . . . . . . . . . . . . . . . 19 | ||||
| 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy | 3.27. Add SMI Security for PKIX SCVP Basic Validation Policy | |||
| Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 | Errors Registry . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 3.28. Add SMI Security for PKIX SCVP Distinguished Name | 3.28. Add SMI Security for PKIX SCVP Distinguished Name | |||
| Validation Policy Errors Registry . . . . . . . . . . . . 20 | Validation Policy Errors Registry . . . . . . . . . . . . 21 | |||
| 3.29. Add SMI Security for PKIX Other Logotype Identifiers | 3.29. Add SMI Security for PKIX Other Logotype Identifiers | |||
| Registry . . . . . . . . . . . . . . . . . . . . . . . . 21 | Registry . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 3.30. Add SMI Security for PKIX Proxy Certificate Policy | 3.30. Add SMI Security for PKIX Proxy Certificate Policy | |||
| Languages Registry . . . . . . . . . . . . . . . . . . . 21 | Languages Registry . . . . . . . . . . . . . . . . . . . 21 | |||
| 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry . 21 | 3.31. Add SMI Security for PKIX Proxy Matching Rules Registry . 22 | |||
| 3.32. Add SMI Security for PKIX Subject Key Identifier | 3.32. Add SMI Security for PKIX Subject Key Identifier | |||
| Semantics Registry . . . . . . . . . . . . . . . . . . . 22 | Semantics Registry . . . . . . . . . . . . . . . . . . . 22 | |||
| 3.33. Add SMI Security for PKIX Access Descriptor Registry . . 22 | 3.33. Add SMI Security for PKIX Access Descriptor Registry . . 22 | |||
| 3.34. Add SMI Security for PKIX OCSP Registry . . . . . . . . . 22 | 3.34. Add SMI Security for PKIX OCSP Registry . . . . . . . . . 23 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | |||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . . 23 | 5.1. Normative References . . . . . . . . . . . . . . . . . . . 23 | |||
| 5.2. Informative References . . . . . . . . . . . . . . . . . . 23 | 5.2. Informative References . . . . . . . . . . . . . . . . . . 24 | |||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 28 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 28 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| 1. Introduction | 1. Introduction | |||
| When the Public-Key Infrastructure using X.509 (PKIX) Working Group | When the Public-Key Infrastructure using X.509 (PKIX) Working Group | |||
| was chartered, an object identifier arc was was allocated by IANA for | was chartered, an object identifier arc was was allocated by IANA for | |||
| use by that working group. These object identifiers are primarily | use by that working group. These object identifiers are primarily | |||
| used with Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97]. | used with Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97]. | |||
| The ASN.1 specifications continue to evolve, but object identifiers | The ASN.1 specifications continue to evolve, but object identifiers | |||
| can be used with any and all versions of ASN.1. | can be used with any and all versions of ASN.1. | |||
| skipping to change at page 9, line 34 ¶ | skipping to change at page 9, line 34 ¶ | |||
| 74 id-mod-hmac [RFC6268] | 74 id-mod-hmac [RFC6268] | |||
| 75 id-mod-enrollMsgSyntax-2011-88 [RFC6402][Err3860] | 75 id-mod-enrollMsgSyntax-2011-88 [RFC6402][Err3860] | |||
| 76 id-mod-enrollMsgSyntax-2011-08 [RFC6402] | 76 id-mod-enrollMsgSyntax-2011-08 [RFC6402] | |||
| 77 id-mod-pubKeySMIMECaps-88 [RFC6664] | 77 id-mod-pubKeySMIMECaps-88 [RFC6664] | |||
| 78 id-mod-pubKeySMIMECaps-08 [RFC6664] | 78 id-mod-pubKeySMIMECaps-08 [RFC6664] | |||
| 79 id-mod-dhSign-2012-88 [RFC6955] | 79 id-mod-dhSign-2012-88 [RFC6955] | |||
| 80 id-mod-dhSign-2012-08 [RFC6955] | 80 id-mod-dhSign-2012-08 [RFC6955] | |||
| 81 id-mod-ocsp-2013-88 [RFC6960] | 81 id-mod-ocsp-2013-88 [RFC6960] | |||
| 82 id-mod-ocsp-2013-08 [RFC6960] | 82 id-mod-ocsp-2013-08 [RFC6960] | |||
| 83 id-mod-TEST-certPolicies [ID-Housley] | 83 id-mod-TEST-certPolicies [ID-Housley] | |||
| 84 id-mod-bgpsec-eku [ID-BGPSEC] | ||||
| Future updates to this table require both Specification Required and | Future updates to this table require both Specification Required and | |||
| Expert Review as defined in [RFC5226]. | Expert Review as defined in [RFC5226]. | |||
| 3.4. Add SMI Security for PKIX Certificate Extension Registry | 3.4. Add SMI Security for PKIX Certificate Extension Registry | |||
| Within the SMI-numbers registry, add a "SMI Security for PKIX | Within the SMI-numbers registry, add a "SMI Security for PKIX | |||
| Certificate Extension (1.3.6.1.5.5.7.1)" table with three columns: | Certificate Extension (1.3.6.1.5.5.7.1)" table with three columns: | |||
| Decimal Description References | Decimal Description References | |||
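Review bot: The new row "84 id-mod-bgpsec-eku [ID-BGPSEC]" in the module identifier table rests on a reference that Section 5.2 lists as Work in Progress (draft-ietf-sidr-bgpsec-pki-profiles-06). Add an instruction for the RFC Editor or IANA to replace [ID-BGPSEC] with the RFC number on publication, so the registry does not end up pointing at an expired draft.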
| skipping to change at page 11, line 28 ¶ | skipping to change at page 11, line 29 ¶ | |||
| 20 id-kp-sipDomain [RFC5924] | 20 id-kp-sipDomain [RFC5924] | |||
| 21 id-kp-secureShellClient [RFC6187] | 21 id-kp-secureShellClient [RFC6187] | |||
| 22 id-kp-secureShellServer [RFC6187] | 22 id-kp-secureShellServer [RFC6187] | |||
| 23 id-kp-sendRouter [RFC6494] | 23 id-kp-sendRouter [RFC6494] | |||
| 24 id-kp-sendProxy [RFC6494] | 24 id-kp-sendProxy [RFC6494] | |||
| 25 id-kp-sendOwner [RFC6494] | 25 id-kp-sendOwner [RFC6494] | |||
| 26 id-kp-sendProxiedOwner [RFC6494] | 26 id-kp-sendProxiedOwner [RFC6494] | |||
| 27 id-kp-cmcCA [RFC6402] | 27 id-kp-cmcCA [RFC6402] | |||
| 28 id-kp-cmcRA [RFC6402] | 28 id-kp-cmcRA [RFC6402] | |||
| 29 id-kp-cmcArchive [RFC6402] | 29 id-kp-cmcArchive [RFC6402] | |||
| 30 id-kp-bgpsec-router [ID-BGPSEC] | ||||
| Future updates to this table require both Specification Required and | Future updates to this table require both Specification Required and | |||
| Expert Review as defined in [RFC5226]. | Expert Review as defined in [RFC5226]. | |||
| 3.7. Add SMI Security for PKIX CMP Information Types Registry | 3.7. Add SMI Security for PKIX CMP Information Types Registry | |||
| Within the SMI-numbers registry, add a "SMI Security for PKIX CMP | Within the SMI-numbers registry, add a "SMI Security for PKIX CMP | |||
| Information Types (1.3.6.1.5.5.7.4)" table with three columns: | Information Types (1.3.6.1.5.5.7.4)" table with three columns: | |||
| Decimal Description References | Decimal Description References | |||
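Review bot: In the extended key purpose table, "30 id-kp-bgpsec-router" uses a hyphenated, all-lowercase name where the neighbouring rows use camelCase (id-kp-secureShellClient, id-kp-sendProxiedOwner, id-kp-cmcArchive). If that is the spelling in the [ID-BGPSEC] ASN.1 module, keep it, but confirm the descriptor is the same string as in that module.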
| skipping to change at page 24, line 15 ¶ | skipping to change at page 24, line 15 ¶ | |||
| 5.2. Informative References | 5.2. Informative References | |||
| [Err3860] Errata for RFC 6402. | [Err3860] Errata for RFC 6402. | |||
| [http://www.rfc-editor.org/errata_search.php?eid=3860] | [http://www.rfc-editor.org/errata_search.php?eid=3860] | |||
| [ID-Abley] Abley, J., J. Schlyter, and G. Bailey, "DNSSEC Trust | [ID-Abley] Abley, J., J. Schlyter, and G. Bailey, "DNSSEC Trust | |||
| Anchor Publication for the Root Zone", Work in Progress, | Anchor Publication for the Root Zone", Work in Progress, | |||
| December 2013. | December 2013. | |||
| [draft-jabley-dnssec-trust-anchor-08] | [draft-jabley-dnssec-trust-anchor-08] | |||
| [ID-BGPSEC] Reynolds, M., S. Turner, and S. Kent, "A Profile for | ||||
| BGPSEC Router Certificates, Certificate Revocation Lists, | ||||
| and Certification Requests", Work in Progress, September | ||||
| 2013. | ||||
| [draft-ietf-sidr-bgpsec-pki-profiles-06] | ||||
| [ID-Housley] Housley, R., "Object Identifiers for Test Certificate | [ID-Housley] Housley, R., "Object Identifiers for Test Certificate | |||
| Policies", Work in Progress, January 2014. | Policies", Work in Progress, January 2014. | |||
| [draft-housley-pkix-test-oids-00] | [draft-housley-pkix-test-oids-00] | |||
| [RFC2459] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet | [RFC2459] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet | |||
| X.509 Public Key Infrastructure Certificate and CRL | X.509 Public Key Infrastructure Certificate and CRL | |||
| Profile", RFC 2459, January 1999. | Profile", RFC 2459, January 1999. | |||
| [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key | [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key | |||
| Infrastructure Certificate Management Protocols", | Infrastructure Certificate Management Protocols", | |||
| skipping to change at page 25, line 10 ¶ | skipping to change at page 25, line 14 ¶ | |||
| [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object | [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object | |||
| Classes and Attribute Types Version 2.0", RFC 2985, | Classes and Attribute Types Version 2.0", RFC 2985, | |||
| November 2000. | November 2000. | |||
| [RFC3029] Adams, C., Sylvester, P., Zolotarev, M., and R. | [RFC3029] Adams, C., Sylvester, P., Zolotarev, M., and R. | |||
| Zuccherato, "Internet X.509 Public Key Infrastructure Data | Zuccherato, "Internet X.509 Public Key Infrastructure Data | |||
| Validation and Certification Server Protocols", RFC 3029, | Validation and Certification Server Protocols", RFC 3029, | |||
| February 2001. | February 2001. | |||
| [RFC3039] Santesson, S., Polk, W., Barzin, P., and M. Nystrom, | ||||
| "Internet X.509 Public Key Infrastructure Qualified | ||||
| Certificates Profile", RFC 3039, January 2001. | ||||
| [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, | [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, | |||
| "Internet X.509 Public Key Infrastructure Time-Stamp | "Internet X.509 Public Key Infrastructure Time-Stamp | |||
| Protocol (TSP)", RFC 3161, August 2001. | Protocol (TSP)", RFC 3161, August 2001. | |||
| [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and | [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and | |||
| Identifiers for the Internet X.509 Public Key | Identifiers for the Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 3279, April 2002. | (CRL) Profile", RFC 3279, April 2002. | |||
| [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet | [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet | |||
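Review bot: The added [RFC3039] entry has no matching citation among the changed lines shown in this diff, which suggests a registry row already cited it in -00 without a reference entry. Cross-check that every bracketed citation in Section 3 has an entry in Section 5 and that every entry is cited at least once.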
| skipping to change at page 26, line 44 ¶ | skipping to change at page 27, line 5 ¶ | |||
| [RFC4476] Francis, C. and D. Pinkas, "Attribute Certificate (AC) | [RFC4476] Francis, C. and D. Pinkas, "Attribute Certificate (AC) | |||
| Policies Extension", RFC 4476, May 2006. | Policies Extension", RFC 4476, May 2006. | |||
| [RFC4683] Park, J., Lee, J., . Lee, H., Park, S., and T. Polk, | [RFC4683] Park, J., Lee, J., . Lee, H., Park, S., and T. Polk, | |||
| "Internet X.509 Public Key Infrastructure Subject | "Internet X.509 Public Key Infrastructure Subject | |||
| Identification Method (SIM)", RFC 4683, October 2006. | Identification Method (SIM)", RFC 4683, October 2006. | |||
| [RFC4945] Korver, B., "The Internet IP Security PKI Profile of | [RFC4945] Korver, B., "The Internet IP Security PKI Profile of | |||
| IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. | IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. | |||
| [RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure | ||||
| Subject Alternative Name for Expression of Service Name", | ||||
| RFC 4985, August 2007. | ||||
| [RFC5055] Freeman, T., Housley, R., Malpani, A., Cooper, D., and W. | [RFC5055] Freeman, T., Housley, R., Malpani, A., Cooper, D., and W. | |||
| Polk, "Server-Based Certificate Validation Protocol | Polk, "Server-Based Certificate Validation Protocol | |||
| (SCVP)", RFC 5055, December 2007. | (SCVP)", RFC 5055, December 2007. | |||
| [RFC5272] Schaad, J. and M. Myers, "Certificate Management over CMS | [RFC5272] Schaad, J. and M. Myers, "Certificate Management over CMS | |||
| (CMC)", RFC 5272, June 2008. | (CMC)", RFC 5272, June 2008. | |||
| [RFC5275] Turner, S., "CMS Symmetric Key Management and | [RFC5275] Turner, S., "CMS Symmetric Key Management and | |||
| Distribution", RFC 5275, June 2008. | Distribution", RFC 5275, June 2008. | |||
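Review bot: The [RFC4683] entry has a stray period in its author list ("Park, J., Lee, J., . Lee, H., Park, S., and T. Polk") that -01 leaves untouched. Correct the author list while the reference section is being edited for the [RFC4985] addition.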
| End of changes. 19 change blocks. | ||||
| 18 lines changed or deleted | 32 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||