OIDs have encoding rules and don't allow arbitrary values near the top level. For arc 0 and arc 1 the first level sub-arc can't be >39. Take a look at https://www.itu.int/rec/T-REC-X.660-201107-I if you're interested in learning more.
-Paul (reaperhulk) On Tue, Dec 9, 2025 at 8:36 AM Robert Moskowitz via Cryptography-dev < [email protected]> wrote: > I have been having problems with what OIDs are allowed for RegisteredID. > I do not see any limitation on OIDs here in rfc5280, yet an OID like > 99.15854644 throws a; > ValueError: error parsing asn1 value: ParseError { kind: InvalidValue } > > 1.15854644 fails but 1.3.15854644 works. Like there is some internal > table, that I don't believe is in openssl is limiting what I put in here. > > Oh, 15854644 is F1EC34 which is a 24-bit Aircraft Number and RegisteredID > seems a good place (other than cn=24anF1EC34). > > thank you > _______________________________________________ > Cryptography-dev mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://mail.python.org/mailman3//lists/cryptography-dev.python.org > Member address: [email protected] >
_______________________________________________ Cryptography-dev mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/cryptography-dev.python.org Member address: [email protected]
