INTERNET-DRAFT R. Housley
Intended Status: Informational Vigil Security
Expires: 11 July 2014 7 January 2014
Object Identifiers for Test Certificate Policies
draft-housley-pkix-test-oids-00
Abstract
This document provides several certificate policy identifiers for
testing certificate handling software.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Housley Expires 11 July 2014 [Page 1]
INTERNET DRAFT PKIX TEST OIDs January 2014
1. Introduction
This document provides several certificate policy identifiers for
testing certificate handling software. These certificate policy
identifiers are not intended for use in the public Internet.
The certificate policy identifiers provided in this document are
consistent with the certificate profile specified in [RFC5280], and
they are appropriate for testing the certificate policy processing,
especially the handling of the certificate policy extension, the
policy constraints extension, and the policy mapping extension.
2. Certificate Policy Identifiers for Testing
The following certificate policy identifiers are provided for testing
certificate handling software. ASN.1 [ASN1-88][ASN1-97] object
identifiers are used to name certificate policies.
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 }
-- Object Identifiers used ONLY for TESTING
id-TEST-certPolicyOne OBJECT IDENTIFIER ::= { id-TEST 1 }
id-TEST-certPolicyTwo OBJECT IDENTIFIER ::= { id-TEST 2 }
id-TEST-certPolicyThree OBJECT IDENTIFIER ::= { id-TEST 3 }
id-TEST-certPolicyFour OBJECT IDENTIFIER ::= { id-TEST 4 }
id-TEST-certPolicyFive OBJECT IDENTIFIER ::= { id-TEST 5 }
id-TEST-certPolicySix OBJECT IDENTIFIER ::= { id-TEST 6 }
id-TEST-certPolicySeven OBJECT IDENTIFIER ::= { id-TEST 7 }
id-TEST-certPolicyEight OBJECT IDENTIFIER ::= { id-TEST 8 }
3. Security Considerations
This specification does not identify particular certificate policies
for use in the Internet public key infrastructure. The actual
polices used for production certificates has a significant impact on
the confidence that one can place in the certificate. No confidence
should be placed in any certificate that makes use of these
certificate policy identifiers since they are intended only for
testing.
4. IANA Considerations
The object identifiers used in this document are defined in an arc
delegated by IANA to the PKIX Working Group. No further action by
IANA is necessary for this document or any anticipated updates.
Housley Expires 11 July 2014 [Page 2]
INTERNET DRAFT PKIX TEST OIDs January 2014
5. Normative References
[ASN1-88] International Telephone and Telegraph Consultative
Committee, "Specification of Abstract Syntax Notation One
(ASN.1)", CCITT Recommendation X.208, 1988.
[ASN1-97] International Telecommunications Union, "Abstract Syntax
Notation One (ASN.1): Specification of basic notation",
ITU-T Recommendation X.680, 1997.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
Appendix: ASN.1 Module
This appendix provides the certificate policy identifiers (object
identifiers) in an ASN.1 module. No fancy structures are needed, so
this module is compatible with [ASN1-88] and [ASN1-97].
PKIXTestCertPolicies { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-TEST-certPolicies(83) }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL --
-- IMPORTS NONE --
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 }
-- Object Identifiers used ONLY for TESTING
id-TEST-certPolicyOne OBJECT IDENTIFIER ::= { id-TEST 1 }
id-TEST-certPolicyTwo OBJECT IDENTIFIER ::= { id-TEST 2 }
id-TEST-certPolicyThree OBJECT IDENTIFIER ::= { id-TEST 3 }
id-TEST-certPolicyFour OBJECT IDENTIFIER ::= { id-TEST 4 }
id-TEST-certPolicyFive OBJECT IDENTIFIER ::= { id-TEST 5 }
id-TEST-certPolicySix OBJECT IDENTIFIER ::= { id-TEST 6 }
id-TEST-certPolicySeven OBJECT IDENTIFIER ::= { id-TEST 7 }
id-TEST-certPolicyEight OBJECT IDENTIFIER ::= { id-TEST 8 }
END
Housley Expires 11 July 2014 [Page 3]
INTERNET DRAFT PKIX TEST OIDs January 2014
Author's Address
Russell Housley
Vigil Security, LLC
918 Spring Knoll Drive
Herndon, VA 20170
USA
EMail: housley@vigilsec.com
Housley Expires 11 July 2014 [Page 4]
