On 2/6/2012 9:41 AM, Curt Sampson wrote:
> I'm not terribly familiar with OIDs in ASN.1 and the like, so I wanted
> to confirm that I have the correct impression here.
> If I were to create a custom X.509 certificate extension for use within
> my enterprise and with others outside who wanted to write or modify
> their own software to interoperate with it, I'd need to assign an OID
> for this extension, right? And for that, would the standard way to do
> this be to assign an OID underneath the one assigned to us by the IANA
> in their Private Enterprise Number list[1], right?
> (I note that [1] claims to be the "SMI Network Management Private
> Enterprise Codes", but I gather that others use this for pretty much
> anything where they need a unique OID.)
> [1]: http://www.iana.org/assignments/enterprise-numbers
> cjs
Yes, the Enterprise numbers are the easy way of getting a
unique OID number space to a company which is not one of
the big special organizations (ISO, ITU, IETF etc.). For
example, RSADSI (when they were still a crypto company)
used their "enterprise OID" as a prefix for all the OIDs
defined in their PKCS standards; those OIDs are now part
of the derived official standards, but the rest of the
RSADSI OID space remains theirs.
Because only one enterprise number is allowed per company,
the first thing you should do is to add a ".1" or ".0" for
your first way of assigning numbers below your
"enterprise OID", then increment that field when you need
a new OID space for the same company.
For example, RSADSI added a ".1" to their enterprise OID to
define the base OID for all PKCS standards, with the next
element being the number of the PKCS standard, they used
".2" for their hash algorithms and ".3" for their
encryption algorithms. Thus
  RSADSI.1.1.1 is PKCS#1.rsaEncryption
  RSADSI.2.5 is RSADSI message digest algorithm MD5
  RSADSI.3.4 is RSADSI encryption algorithm RC4
etc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
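
The numbering scheme discussed in this thread, as an added example (not part of the original messages and not OpenSSL code): it allocates OIDs in a ".1" subtree below an enterprise arc and DER-encodes them as they would appear in a certificate extension's extnID. Assumptions: 32473 is the documentation-only enterprise number from RFC 5612, standing in for your own; 1.2.840.113549 is RSADSI's arc, used to check the three OIDs named in the reply; OidSpace and the extension name are hypothetical.

```python
# Added example: sub-allocate OIDs below an enterprise arc and DER-encode them.
IANA_ENTERPRISE = (1, 3, 6, 1, 4, 1)  # iso.org.dod.internet.private.enterprise
EXAMPLE_PEN = 32473                   # RFC 5612 documentation PEN (assumption)
RSADSI = (1, 2, 840, 113549)          # arc behind "RSADSI.x.y" in the reply


def _base128(n):
    """Encode one arc in base 128; high bit set on every byte but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def der_oid(arcs):
    """DER-encode an OID (tag 0x06) given as a tuple of non-negative ints."""
    if len(arcs) < 2 or any(a < 0 for a in arcs):
        raise ValueError("an OID needs at least two non-negative arcs")
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first or second arc")
    # The first two arcs share one sub-identifier: 40 * first + second.
    body = _base128(40 * arcs[0] + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length is outside this example's scope")
    return bytes([0x06, len(body)]) + body


class OidSpace:
    """One numbered subtree below a base arc, e.g. <enterprise>.1."""

    def __init__(self, base, subtree):
        self.root = tuple(base) + (subtree,)
        self.names = {}

    def assign(self, name):
        """Give `name` the next free number; a name never changes its OID."""
        if name not in self.names:
            self.names[name] = self.root + (len(self.names) + 1,)
        return self.names[name]


if __name__ == "__main__":
    extensions = OidSpace(IANA_ENTERPRISE + (EXAMPLE_PEN,), 1)
    oid = extensions.assign("exampleCustomExtension")  # hypothetical name
    print(".".join(map(str, oid)), der_oid(oid).hex())
    print("rsaEncryption", der_oid(RSADSI + (1, 1, 1)).hex())
```

Once an OID has been handed out it should never be reused for something else, which is why assign() returns the existing value for a known name.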