1 -- Copyright (C) 2002-2014 Free Software Foundation, Inc.
3 -- This file is part of LIBTASN1.
5 -- This program is free software: you can redistribute it and/or modify
6 -- it under the terms of the GNU General Public License as published by
7 -- the Free Software Foundation, either version 3 of the License, or
8 -- (at your option) any later version.
10 -- This program is distributed in the hope that it will be useful,
11 -- but WITHOUT ANY WARRANTY; without even the implied warranty of
12 -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 -- GNU General Public License for more details.
15 -- You should have received a copy of the GNU General Public License
16 -- along with this program. If not, see <http://www.gnu.org/licenses/>.
18 PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1)
19 security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
21 DEFINITIONS IMPLICIT TAGS ::=
25 -- ISO arc for standard certificate and CRL extensions
27 id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
30 -- authority key identifier OID and syntax
32 id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
34 AuthorityKeyIdentifier ::= SEQUENCE {
35 keyIdentifier [0] KeyIdentifier OPTIONAL,
36 authorityCertIssuer [1] GeneralNames OPTIONAL,
37 authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
38 -- authorityCertIssuer and authorityCertSerialNumber shall both
39 -- be present or both be absgent
41 KeyIdentifier ::= OCTET STRING
43 -- subject key identifier OID and syntax
45 id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
47 SubjectKeyIdentifier ::= KeyIdentifier
49 -- key usage extension OID and syntax
51 id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
53 KeyUsage ::= BIT STRING {
64 -- private key usage period extension OID and syntax
66 id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
68 PrivateKeyUsagePeriod ::= SEQUENCE {
69 notBefore [0] GeneralizedTime OPTIONAL,
70 notAfter [1] GeneralizedTime OPTIONAL }
71 -- either notBefore or notAfter shall be present
73 -- certificate policies extension OID and syntax
75 id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
77 CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
79 PolicyInformation ::= SEQUENCE {
80 policyIdentifier CertPolicyId,
81 policyQualifiers SEQUENCE SIZE (1..MAX) OF
82 PolicyQualifierInfo OPTIONAL }
84 CertPolicyId ::= OBJECT IDENTIFIER
86 PolicyQualifierInfo ::= SEQUENCE {
87 policyQualifierId PolicyQualifierId,
88 qualifier ANY DEFINED BY policyQualifierId }
90 -- Implementations that recognize additional policy qualifiers shall
91 -- augment the following definition for PolicyQualifierId
94 OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice )
96 -- CPS pointer qualifier
100 -- user notice qualifier
102 UserNotice ::= SEQUENCE {
103 noticeRef NoticeReference OPTIONAL,
104 explicitText DisplayText OPTIONAL}
106 NoticeReference ::= SEQUENCE {
107 organization DisplayText,
108 noticeNumbers SEQUENCE OF INTEGER }
110 DisplayText ::= CHOICE {
111 visibleString VisibleString (SIZE (1..200)),
112 bmpString BMPString (SIZE (1..200)),
113 utf8String UTF8String (SIZE (1..200)) }
115 -- policy mapping extension OID and syntax
117 id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
119 PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
120 issuerDomainPolicy CertPolicyId,
121 subjectDomainPolicy CertPolicyId }
123 -- subject alternative name extension OID and syntax
125 id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
127 SubjectAltName ::= GeneralNames
129 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
131 GeneralName ::= CHOICE {
132 otherName [0] AnotherName,
133 rfc822Name [1] IA5String,
134 dNSName [2] IA5String,
135 x400Address [3] ORAddress,
136 directoryName [4] Name,
137 ediPartyName [5] EDIPartyName,
138 uniformResourceIdentifier [6] IA5String,
139 iPAddress [7] OCTET STRING,
140 registeredID [8] OBJECT IDENTIFIER }
142 -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
143 -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
145 AnotherName ::= SEQUENCE {
146 type-id OBJECT IDENTIFIER,
147 value [0] EXPLICIT ANY DEFINED BY type-id }
149 EDIPartyName ::= SEQUENCE {
150 nameAssigner [0] DirectoryString OPTIONAL,
151 partyName [1] DirectoryString }
153 -- issuer alternative name extension OID and syntax
155 id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
157 IssuerAltName ::= GeneralNames
159 id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
161 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
163 -- basic constraints extension OID and syntax
165 id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
167 BasicConstraints ::= SEQUENCE {
168 cA BOOLEAN DEFAULT FALSE,
169 pathLenConstraint INTEGER (0..MAX) OPTIONAL }
171 -- name constraints extension OID and syntax
173 id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
175 NameConstraints ::= SEQUENCE {
176 permittedSubtrees [0] GeneralSubtrees OPTIONAL,
177 excludedSubtrees [1] GeneralSubtrees OPTIONAL }
179 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
181 GeneralSubtree ::= SEQUENCE {
183 minimum [0] BaseDistance DEFAULT 0,
184 maximum [1] BaseDistance OPTIONAL }
186 BaseDistance ::= INTEGER (0..MAX)
188 -- policy constraints extension OID and syntax
190 id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
192 PolicyConstraints ::= SEQUENCE {
193 requireExplicitPolicy [0] SkipCerts OPTIONAL,
194 inhibitPolicyMapping [1] SkipCerts OPTIONAL }
196 SkipCerts ::= INTEGER (0..MAX)
198 -- CRL distribution points extension OID and syntax
200 id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
202 CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
204 DistributionPoint ::= SEQUENCE {
205 distributionPoint [0] DistributionPointName OPTIONAL,
206 reasons [1] ReasonFlags OPTIONAL,
207 cRLIssuer [2] GeneralNames OPTIONAL }
209 DistributionPointName ::= CHOICE {
210 fullName [0] GeneralNames,
211 nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
215 ReasonFlags ::= BIT STRING {
219 affiliationChanged (3),
221 cessationOfOperation (5),
222 certificateHold (6) }
224 -- extended key usage extension OID and syntax
226 id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
228 ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
230 KeyPurposeId ::= OBJECT IDENTIFIER
232 -- extended key purpose OIDs
233 id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
234 id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
235 id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
236 id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
237 id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
238 id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
239 id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
240 id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
242 -- authority info access
244 id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
246 AuthorityInfoAccessSyntax ::=
247 SEQUENCE SIZE (1..MAX) OF AccessDescription
249 AccessDescription ::= SEQUENCE {
250 accessMethod OBJECT IDENTIFIER,
251 accessLocation GeneralName }
253 -- CRL number extension OID and syntax
255 id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
257 CRLNumber ::= INTEGER (0..MAX)
259 -- issuing distribution point extension OID and syntax
261 id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
263 IssuingDistributionPoint ::= SEQUENCE {
264 distributionPoint [0] DistributionPointName OPTIONAL,
265 onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
266 onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
267 onlySomeReasons [3] ReasonFlags OPTIONAL,
268 indirectCRL [4] BOOLEAN DEFAULT FALSE }
271 id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
273 -- deltaCRLIndicator ::= BaseCRLNumber
275 BaseCRLNumber ::= CRLNumber
277 -- CRL reasons extension OID and syntax
279 id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
281 CRLReason ::= ENUMERATED {
285 affiliationChanged (3),
287 cessationOfOperation (5),
291 -- certificate issuer CRL entry extension OID and syntax
293 id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
295 CertificateIssuer ::= GeneralNames
297 -- hold instruction extension OID and syntax
299 id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
301 HoldInstructionCode ::= OBJECT IDENTIFIER
303 -- ANSI x9 holdinstructions
305 -- ANSI x9 arc holdinstruction arc
306 holdInstruction OBJECT IDENTIFIER ::=
307 {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
309 -- ANSI X9 holdinstructions referenced by this standard
310 id-holdinstruction-none OBJECT IDENTIFIER ::=
311 {holdInstruction 1} -- deprecated
312 id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
314 id-holdinstruction-reject OBJECT IDENTIFIER ::=
317 -- invalidity date CRL entry extension OID and syntax
319 id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
321 InvalidityDate ::= GeneralizedTime
324 -- --------------------------------------
326 -- --------------------------------------
328 -- UNIVERSAL Types defined in '93 and '98 ASN.1
329 -- but required by this specification
331 VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING
333 NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
335 IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
337 TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
339 PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
341 UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
342 -- UniversalString is defined in ASN.1:1993
344 BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
345 -- BMPString is the subtype of UniversalString and models
346 -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
348 UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
349 -- The content of this type conforms to RFC 2279.
352 -- PKIX specific OIDs
354 id-pkix OBJECT IDENTIFIER ::=
355 { iso(1) identified-organization(3) dod(6) internet(1)
356 security(5) mechanisms(5) pkix(7) }
360 id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
361 -- arc for private certificate extensions
362 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
363 -- arc for policy qualifier types
364 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
365 -- arc for extended key purpose OIDS
366 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
367 -- arc for access descriptors
369 -- policyQualifierIds for Internet policy qualifiers
371 id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
372 -- OID for CPS qualifier
373 id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
374 -- OID for user notice qualifier
376 -- access descriptor definitions
378 id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
379 id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
381 -- attribute data types --
383 Attribute ::= SEQUENCE {
385 values SET OF AttributeValue
386 -- at least one value is required --
389 AttributeType ::= OBJECT IDENTIFIER
391 AttributeValue ::= ANY
393 AttributeTypeAndValue ::= SEQUENCE {
395 value AttributeValue }
397 -- suggested naming attributes: Definition of the following
398 -- information object set may be augmented to meet local
399 -- requirements. Note that deleting members of the set may
400 -- prevent interoperability with conforming implementations.
401 -- presented in pairs: the AttributeType followed by the
402 -- type definition for the corresponding AttributeValue
404 -- Arc for standard naming attributes
405 id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
407 -- Attributes of type NameDirectoryString
408 id-at-name AttributeType ::= {id-at 41}
409 id-at-surname AttributeType ::= {id-at 4}
410 id-at-givenName AttributeType ::= {id-at 42}
411 id-at-initials AttributeType ::= {id-at 43}
412 id-at-generationQualifier AttributeType ::= {id-at 44}
414 X520name ::= CHOICE {
415 teletexString TeletexString (SIZE (1..ub-name)),
416 printableString PrintableString (SIZE (1..ub-name)),
417 universalString UniversalString (SIZE (1..ub-name)),
418 utf8String UTF8String (SIZE (1..ub-name)),
419 bmpString BMPString (SIZE(1..ub-name)) }
423 id-at-commonName AttributeType ::= {id-at 3}
425 X520CommonName ::= CHOICE {
426 teletexString TeletexString (SIZE (1..ub-common-name)),
427 printableString PrintableString (SIZE (1..ub-common-name)),
428 universalString UniversalString (SIZE (1..ub-common-name)),
429 utf8String UTF8String (SIZE (1..ub-common-name)),
430 bmpString BMPString (SIZE(1..ub-common-name)) }
434 id-at-localityName AttributeType ::= {id-at 7}
436 X520LocalityName ::= CHOICE {
437 teletexString TeletexString (SIZE (1..ub-locality-name)),
438 printableString PrintableString (SIZE (1..ub-locality-name)),
439 universalString UniversalString (SIZE (1..ub-locality-name)),
440 utf8String UTF8String (SIZE (1..ub-locality-name)),
441 bmpString BMPString (SIZE(1..ub-locality-name)) }
445 id-at-stateOrProvinceName AttributeType ::= {id-at 8}
447 X520StateOrProvinceName ::= CHOICE {
448 teletexString TeletexString (SIZE (1..ub-state-name)),
449 printableString PrintableString (SIZE (1..ub-state-name)),
450 universalString UniversalString (SIZE (1..ub-state-name)),
451 utf8String UTF8String (SIZE (1..ub-state-name)),
452 bmpString BMPString (SIZE(1..ub-state-name)) }
456 id-at-organizationName AttributeType ::= {id-at 10}
458 X520OrganizationName ::= CHOICE {
459 teletexString TeletexString (SIZE (1..ub-organization-name)),
460 printableString PrintableString (SIZE (1..ub-organization-name)),
461 universalString UniversalString (SIZE (1..ub-organization-name)),
462 utf8String UTF8String (SIZE (1..ub-organization-name)),
463 bmpString BMPString (SIZE(1..ub-organization-name)) }
467 id-at-organizationalUnitName AttributeType ::= {id-at 11}
469 X520OrganizationalUnitName ::= CHOICE {
470 teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
471 printableString PrintableString
472 (SIZE (1..ub-organizational-unit-name)),
473 universalString UniversalString
474 (SIZE (1..ub-organizational-unit-name)),
475 utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
476 bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
480 id-at-title AttributeType ::= {id-at 12}
482 X520Title ::= CHOICE {
483 teletexString TeletexString (SIZE (1..ub-title)),
484 printableString PrintableString (SIZE (1..ub-title)),
485 universalString UniversalString (SIZE (1..ub-title)),
486 utf8String UTF8String (SIZE (1..ub-title)),
487 bmpString BMPString (SIZE(1..ub-title)) }
491 id-at-dnQualifier AttributeType ::= {id-at 46}
492 X520dnQualifier ::= PrintableString
494 id-at-countryName AttributeType ::= {id-at 6}
495 X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
499 pkcs-9 OBJECT IDENTIFIER ::=
500 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
502 emailAddress AttributeType ::= { pkcs-9 1 }
504 Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
506 -- naming data types --
508 Name ::= CHOICE { -- only one possibility for now --
509 rdnSequence RDNSequence }
511 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
513 DistinguishedName ::= RDNSequence
515 RelativeDistinguishedName ::=
516 SET SIZE (1 .. MAX) OF AttributeTypeAndValue
518 -- Directory string type --
520 DirectoryString ::= CHOICE {
521 teletexString TeletexString (SIZE (1..MAX)),
522 printableString PrintableString (SIZE (1..MAX)),
523 universalString UniversalString (SIZE (1..MAX)),
524 utf8String UTF8String (SIZE (1..MAX)),
525 bmpString BMPString (SIZE(1..MAX)) }
528 -- --------------------------------------------------------
529 -- certificate and CRL specific structures begin here
530 -- --------------------------------------------------------
532 Certificate ::= SEQUENCE {
533 tbsCertificate TBSCertificate,
534 signatureAlgorithm AlgorithmIdentifier,
535 signature BIT STRING }
537 TBSCertificate ::= SEQUENCE {
538 version [0] EXPLICIT Version DEFAULT v1,
539 serialNumber CertificateSerialNumber,
540 signature AlgorithmIdentifier,
544 subjectPublicKeyInfo SubjectPublicKeyInfo,
545 issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
546 -- If present, version shall be v2 or v3
547 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
548 -- If present, version shall be v2 or v3
549 extensions [3] EXPLICIT Extensions OPTIONAL
550 -- If present, version shall be v3 --
553 Version ::= INTEGER { v1(0), v2(1), v3(2) }
555 CertificateSerialNumber ::= INTEGER
557 Validity ::= SEQUENCE {
563 generalTime GeneralizedTime }
565 UniqueIdentifier ::= BIT STRING
567 SubjectPublicKeyInfo ::= SEQUENCE {
568 algorithm AlgorithmIdentifier,
569 subjectPublicKey BIT STRING }
571 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
573 Extension ::= SEQUENCE {
574 extnID OBJECT IDENTIFIER,
575 critical BOOLEAN DEFAULT FALSE,
576 extnValue OCTET STRING }
579 -- ------------------------------------------
581 -- ------------------------------------------
583 CertificateList ::= SEQUENCE {
584 tbsCertList TBSCertList,
585 signatureAlgorithm AlgorithmIdentifier,
586 signature BIT STRING }
588 TBSCertList ::= SEQUENCE {
589 version Version OPTIONAL,
590 -- if present, shall be v2
591 signature AlgorithmIdentifier,
594 nextUpdate Time OPTIONAL,
595 revokedCertificates SEQUENCE OF SEQUENCE {
596 userCertificate CertificateSerialNumber,
598 crlEntryExtensions Extensions OPTIONAL
599 -- if present, shall be v2
601 crlExtensions [0] EXPLICIT Extensions OPTIONAL
602 -- if present, shall be v2 --
605 -- Version, Time, CertificateSerialNumber, and Extensions were
606 -- defined earlier for use in the certificate structure
608 AlgorithmIdentifier ::= SEQUENCE {
609 algorithm OBJECT IDENTIFIER,
610 parameters ANY DEFINED BY algorithm OPTIONAL }
611 -- contains a value of the type
612 -- registered for use with the
613 -- algorithm object identifier value
615 -- Algorithm OIDs and parameter structures
617 pkcs-1 OBJECT IDENTIFIER ::= {
618 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
620 rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
622 md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
624 md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
626 sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
628 id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
629 iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
631 Dss-Sig-Value ::= SEQUENCE {
635 dhpublicnumber OBJECT IDENTIFIER ::= {
636 iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
638 DomainParameters ::= SEQUENCE {
639 p INTEGER, -- odd prime, p=jq +1
640 g INTEGER, -- generator, g
641 q INTEGER, -- factor of p-1
642 j INTEGER OPTIONAL, -- subgroup factor, j>= 2
643 validationParms ValidationParms OPTIONAL }
645 ValidationParms ::= SEQUENCE {
647 pgenCounter INTEGER }
649 id-dsa OBJECT IDENTIFIER ::= {
650 iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
652 Dss-Parms ::= SEQUENCE {
657 -- x400 address syntax starts here
660 ORAddress ::= SEQUENCE {
661 built-in-standard-attributes BuiltInStandardAttributes,
662 built-in-domain-defined-attributes
663 BuiltInDomainDefinedAttributes OPTIONAL,
664 -- see also teletex-domain-defined-attributes
665 extension-attributes ExtensionAttributes OPTIONAL }
666 -- The OR-address is semantically absent from the OR-name if the
667 -- built-in-standard-attribute sequence is empty and the
668 -- built-in-domain-defined-attributes and extension-attributes are
671 -- Built-in Standard Attributes
673 BuiltInStandardAttributes ::= SEQUENCE {
674 country-name CountryName OPTIONAL,
675 administration-domain-name AdministrationDomainName OPTIONAL,
676 network-address [0] EXPLICIT NetworkAddress OPTIONAL,
677 -- see also extended-network-address
678 terminal-identifier [1] EXPLICIT TerminalIdentifier OPTIONAL,
679 private-domain-name [2] EXPLICIT PrivateDomainName OPTIONAL,
680 organization-name [3] EXPLICIT OrganizationName OPTIONAL,
681 -- see also teletex-organization-name
682 numeric-user-identifier [4] EXPLICIT NumericUserIdentifier OPTIONAL,
683 personal-name [5] EXPLICIT PersonalName OPTIONAL,
684 -- see also teletex-personal-name
685 organizational-unit-names [6] EXPLICIT OrganizationalUnitNames OPTIONAL
686 -- see also teletex-organizational-unit-names --
689 CountryName ::= [APPLICATION 1] CHOICE {
690 x121-dcc-code NumericString
691 (SIZE (ub-country-name-numeric-length)),
692 iso-3166-alpha2-code PrintableString
693 (SIZE (ub-country-name-alpha-length)) }
695 AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE {
696 numeric NumericString (SIZE (0..ub-domain-name-length)),
697 printable PrintableString (SIZE (0..ub-domain-name-length)) }
699 NetworkAddress ::= X121Address -- see also extended-network-address
701 X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
703 TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
705 PrivateDomainName ::= CHOICE {
706 numeric NumericString (SIZE (1..ub-domain-name-length)),
707 printable PrintableString (SIZE (1..ub-domain-name-length)) }
709 OrganizationName ::= PrintableString
710 (SIZE (1..ub-organization-name-length))
711 -- see also teletex-organization-name
713 NumericUserIdentifier ::= NumericString
714 (SIZE (1..ub-numeric-user-id-length))
716 PersonalName ::= SET {
717 surname [0] PrintableString (SIZE (1..ub-surname-length)),
718 given-name [1] PrintableString
719 (SIZE (1..ub-given-name-length)) OPTIONAL,
720 initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
721 generation-qualifier [3] PrintableString
722 (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
723 -- see also teletex-personal-name
725 OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
726 OF OrganizationalUnitName
727 -- see also teletex-organizational-unit-names
729 OrganizationalUnitName ::= PrintableString (SIZE
730 (1..ub-organizational-unit-name-length))
732 -- Built-in Domain-defined Attributes
734 BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
735 (1..ub-domain-defined-attributes) OF
736 BuiltInDomainDefinedAttribute
738 BuiltInDomainDefinedAttribute ::= SEQUENCE {
739 type PrintableString (SIZE
740 (1..ub-domain-defined-attribute-type-length)),
741 value PrintableString (SIZE
742 (1..ub-domain-defined-attribute-value-length))}
744 -- Extension Attributes
746 ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
749 ExtensionAttribute ::= SEQUENCE {
750 extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes),
751 extension-attribute-value [1] EXPLICIT
752 ANY DEFINED BY extension-attribute-type }
754 -- Extension types and attribute values
757 common-name INTEGER ::= 1
759 CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
761 teletex-common-name INTEGER ::= 2
763 TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
765 teletex-organization-name INTEGER ::= 3
767 TeletexOrganizationName ::=
768 TeletexString (SIZE (1..ub-organization-name-length))
770 teletex-personal-name INTEGER ::= 4
772 TeletexPersonalName ::= SET {
773 surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)),
774 given-name [1] EXPLICIT TeletexString
775 (SIZE (1..ub-given-name-length)) OPTIONAL,
776 initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
777 generation-qualifier [3] EXPLICIT TeletexString (SIZE
778 (1..ub-generation-qualifier-length)) OPTIONAL }
780 teletex-organizational-unit-names INTEGER ::= 5
782 TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
783 (1..ub-organizational-units) OF TeletexOrganizationalUnitName
785 TeletexOrganizationalUnitName ::= TeletexString
786 (SIZE (1..ub-organizational-unit-name-length))
788 pds-name INTEGER ::= 7
790 PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
792 physical-delivery-country-name INTEGER ::= 8
794 PhysicalDeliveryCountryName ::= CHOICE {
795 x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
796 iso-3166-alpha2-code PrintableString
797 (SIZE (ub-country-name-alpha-length)) }
799 postal-code INTEGER ::= 9
801 PostalCode ::= CHOICE {
802 numeric-code NumericString (SIZE (1..ub-postal-code-length)),
803 printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
805 physical-delivery-office-name INTEGER ::= 10
807 PhysicalDeliveryOfficeName ::= PDSParameter
809 physical-delivery-office-number INTEGER ::= 11
811 PhysicalDeliveryOfficeNumber ::= PDSParameter
813 extension-OR-address-components INTEGER ::= 12
815 ExtensionORAddressComponents ::= PDSParameter
817 physical-delivery-personal-name INTEGER ::= 13
819 PhysicalDeliveryPersonalName ::= PDSParameter
821 physical-delivery-organization-name INTEGER ::= 14
823 PhysicalDeliveryOrganizationName ::= PDSParameter
825 extension-physical-delivery-address-components INTEGER ::= 15
827 ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
829 unformatted-postal-address INTEGER ::= 16
831 UnformattedPostalAddress ::= SET {
832 printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
833 PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
834 teletex-string TeletexString
835 (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
837 street-address INTEGER ::= 17
839 StreetAddress ::= PDSParameter
841 post-office-box-address INTEGER ::= 18
843 PostOfficeBoxAddress ::= PDSParameter
845 poste-restante-address INTEGER ::= 19
847 PosteRestanteAddress ::= PDSParameter
849 unique-postal-name INTEGER ::= 20
851 UniquePostalName ::= PDSParameter
853 local-postal-attributes INTEGER ::= 21
855 LocalPostalAttributes ::= PDSParameter
857 PDSParameter ::= SET {
858 printable-string PrintableString
859 (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
860 teletex-string TeletexString
861 (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
863 extended-network-address INTEGER ::= 22
865 ExtendedNetworkAddress ::= CHOICE {
866 e163-4-address SEQUENCE {
867 number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)),
868 sub-address [1] EXPLICIT NumericString
869 (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
870 psap-address [0] EXPLICIT PresentationAddress }
872 PresentationAddress ::= SEQUENCE {
873 pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
874 sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
875 tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
876 nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
878 terminal-type INTEGER ::= 23
880 TerminalType ::= INTEGER {
886 videotex (8) } (0..ub-integer-options)
888 -- Extension Domain-defined Attributes
890 teletex-domain-defined-attributes INTEGER ::= 6
892 TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
893 (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
895 TeletexDomainDefinedAttribute ::= SEQUENCE {
897 (SIZE (1..ub-domain-defined-attribute-type-length)),
899 (SIZE (1..ub-domain-defined-attribute-value-length)) }
901 -- specifications of Upper Bounds shall be regarded as mandatory
902 -- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
906 ub-name INTEGER ::= 32768
907 ub-common-name INTEGER ::= 64
908 ub-locality-name INTEGER ::= 128
909 ub-state-name INTEGER ::= 128
910 ub-organization-name INTEGER ::= 64
911 ub-organizational-unit-name INTEGER ::= 64
912 ub-title INTEGER ::= 64
913 ub-match INTEGER ::= 128
915 ub-emailaddress-length INTEGER ::= 128
917 ub-common-name-length INTEGER ::= 64
918 ub-country-name-alpha-length INTEGER ::= 2
919 ub-country-name-numeric-length INTEGER ::= 3
920 ub-domain-defined-attributes INTEGER ::= 4
921 ub-domain-defined-attribute-type-length INTEGER ::= 8
922 ub-domain-defined-attribute-value-length INTEGER ::= 128
923 ub-domain-name-length INTEGER ::= 16
924 ub-extension-attributes INTEGER ::= 256
925 ub-e163-4-number-length INTEGER ::= 15
926 ub-e163-4-sub-address-length INTEGER ::= 40
927 ub-generation-qualifier-length INTEGER ::= 3
928 ub-given-name-length INTEGER ::= 16
929 ub-initials-length INTEGER ::= 5
930 ub-integer-options INTEGER ::= 256
931 ub-numeric-user-id-length INTEGER ::= 32
932 ub-organization-name-length INTEGER ::= 64
933 ub-organizational-unit-name-length INTEGER ::= 32
934 ub-organizational-units INTEGER ::= 4
935 ub-pds-name-length INTEGER ::= 16
936 ub-pds-parameter-length INTEGER ::= 30
937 ub-pds-physical-address-lines INTEGER ::= 6
938 ub-postal-code-length INTEGER ::= 16
939 ub-surname-length INTEGER ::= 40
940 ub-terminal-id-length INTEGER ::= 24
941 ub-unformatted-address-length INTEGER ::= 180
942 ub-x121-address-length INTEGER ::= 16
944 -- Note - upper bounds on string types, such as TeletexString, are
945 -- measured in characters. Excepting PrintableString or IA5String, a
946 -- significantly greater number of octets will be required to hold
947 -- such a value. As a minimum, 16 octets, or twice the specified upper
948 -- bound, whichever is the larger, should be allowed for TeletexString.
949 -- For UTF8String or UniversalString at least four times the upper
950 -- bound should be allowed.