Object OIDs are intended to be universally unique identifiers.  They are
distributed hierarchically, just like domain names.

For example, ISO (1) created a group of organizations (3), and within that
recognized the US Dept of Defense (6), which recognized the IETF (1), who
created a branch for the security working group (5), who created a section
(5) within which lives the IETF PKIX group (7),
or
        1.3.6.1.5.5.7
Within that, PKIX's registrar (Russ Housley of Spyrus) set aside "arc"
(subtree) 0 for modules, and the second module is 2 for the IETF PKIX Cert
profile, or
        { pkix id-mod(0) id-pkix1-implicit-88(2) }

There is confusion, as in the "early days" a number of groups created their
own OIDs for the same standard/common things. Peter Gutmann can give song
and dance in great detail on this. :)
        /r$


-----Original Message-----
From: Amit Chopra [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 08, 2000 7:46 AM
To: [EMAIL PROTECTED]
Subject: Object Identifiers


Hi,
  I was going through the openssl.cnf file and there was a directive for
Object Identifiers section. I went through the openssl docs but didn't
get much info. Eventually I found myself reading RFC 2459 (Certificate
and CRL Profile). There I found many strings like the following.

An algorithm identifier is defined by the following ASN.1 structure:

   AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm               OBJECT IDENTIFIER,
        parameters              ANY DEFINED BY algorithm OPTIONAL  }



It seems OIDs are used for identification purposes (in place of verbose
strings). But what exactly are these OIDs? Are these OIDs universal?
Does every SSL implementation use the same OIDs, or do they generate their
own private OIDs?

Also there were strings like the following in the RFC

id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }

Is id-ce 14 a universal identifier to which every implementation has to
conform?

Also in openssl.cnf there's the oid section

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

How is this section helpful? 

Also the oid_file directive is commented out by default. 
# Extra OBJECT IDENTIFIER info:
#oid_file               = $ENV::HOME/.oid
oid_section             = new_oids
What is the use of this directive?

I would tremendously appreciate any help.

Thanks,
Amit.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
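
Added example, not part of the original messages and not OpenSSL code: a Python sketch of how the dotted OIDs discussed in this thread map to DER bytes, with the decoder rejecting a padded (non-minimal) arc so that one OID cannot be spelled with two different byte strings. The function names are assumptions of the example; id-ce = 2.5.29 is taken from RFC 2459, and only short-form lengths are handled.

```python
# Added example: DER encoding of OBJECT IDENTIFIER values (tag 0x06).
# encode_oid / decode_oid are hypothetical helper names, not an OpenSSL API.

def encode_oid(dotted: str) -> bytes:
    """Return the DER TLV for a dotted-decimal OID such as 1.3.6.1.5.5.7."""
    parts = dotted.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError("OID needs at least two non-negative decimal arcs")
    arcs = [int(p) for p in parts]
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first or second arc")
    # The first two arcs share one subidentifier: 40 * first + second.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    body = bytearray()
    for n in subids:
        chunk = [n & 0x7F]                    # last byte: high bit clear
        n >>= 7
        while n:
            chunk.append(0x80 | (n & 0x7F))   # earlier bytes: high bit set
            n >>= 7
        body += bytes(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der: bytes) -> str:
    """Parse a short-form DER OID, rejecting malformed or padded encodings."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated subidentifier")
    subids, value, start = [], 0, True
    for b in body:
        if start and b == 0x80:
            # 0x80 as a first byte is a leading zero: same arc, different bytes.
            raise ValueError("non-minimal subidentifier")
        value = (value << 7) | (b & 0x7F)
        start = not (b & 0x80)
        if start:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

if __name__ == "__main__":
    # OIDs named in the thread; id-ce 14 expands to 2.5.29.14.
    for oid in ("1.3.6.1.5.5.7", "2.5.29.14", "1.2.3.4"):
        print(oid, encode_oid(oid).hex())
```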