Thank you, that was quite informative and interesting. 
I'll follow it up with some research of my own.

Amit. 

"Salz, Rich" wrote:
> 
> Object OID's are intended to be universally unique identifiers.  They are
> distributed hierarchically, just like domain names.
> 
> For example, ISO (1) created a group of organizations (3), and within that
> recognized the US Dept of Defense (6), which recognized the IETF (1), who
> created a branch for the security working group (5), who created a section
> (5) within-which lives the IETF PKIX group (7),
> or
>         1.3.6.1.5.5.7
> Within that, PKIX's registrar (Russ Housley of Spyrus) set aside "arc"
> (subtree) 0 for modules, and the second module is 2 for the IETF PKIX Cert
> profile, or
>         { pkix id-mod(0) id-pkix1-implicit-88(2) }
> 
> There is confusion, as in the "early days" a number of groups created their
> own OID's for the same standard/common things. Peter Gutmann can give song
> and dance in great detail on this. :)
>         /r$
> 
> -----Original Message-----
> From: Amit Chopra [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 08, 2000 7:46 AM
> To: [EMAIL PROTECTED]
> Subject: Object Identifiers
> 
> Hi,
>   I was going through the openssl.cnf file and there was a directive for
> Object Identifiers section. I went through the openssl docs but didn't
> get much info. Eventually I found myself reading RFC 2459 (Certificate
> and CRL Profile). There I found many strings like the following.
> 
> An algorithm identifier is defined by the following ASN.1 structure:
> 
>    AlgorithmIdentifier  ::=  SEQUENCE  {
>         algorithm               OBJECT IDENTIFIER,
>         parameters              ANY DEFINED BY algorithm OPTIONAL  }
> 
> It seems OIDs are used for identification purposes (in place of verbose
> strings). But what exactly are these OIDs? Are these OIDs universal?
> Does every SSL implementation use the same OIDs or they generate their
> own private OIDs?
> 
> Also there were strings like the following in the RFC
> 
> id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
> 
> Is id-ce 14 a universal identifier to which every implementation has to
> conform ?
> 
> Also in openssl.cnf there's the oid section
> 
> [ new_oids ]
> 
> # We can add new OIDs in here for use by 'ca' and 'req'.
> # Add a simple OID like this:
> # testoid1=1.2.3.4
> # Or use config file substitution like this:
> # testoid2=${testoid1}.5.6
> 
> How is this section helpful?
> 
> Also the oid_file directive is commented out by default.
> # Extra OBJECT IDENTIFIER info:
> #oid_file               = $ENV::HOME/.oid
> oid_section             = new_oids
> What is the use of this directive ?
> 
> I would tremendously appreciate any help.
> 
> Thanks,
> Amit.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
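
The arcs walked through in the reply (1.3.6.1.5.5.7 and the module beneath it) and the RFC's `{ id-ce 14 }` end up in a certificate as DER bytes, not dotted strings. The sketch below is an added example, not code from this thread or from OpenSSL; the function names are illustrative, and the value id-ce = 2.5.29 is taken from RFC 2459 rather than from the messages above.

```python
# Added example: DER encoding of OBJECT IDENTIFIERs (X.690, short-form length only).
# Function names are illustrative, not OpenSSL API.

def _base128(n):
    """Base-128 encode n; every octet except the last has its high bit set."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def oid_to_der(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or any(a < 0 for a in arcs):
        raise ValueError("an OID needs at least two non-negative arcs")
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("first arc must be 0..2; second arc 0..39 under arcs 0 and 1")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([0x06, len(body)]) + body      # 0x06 = OBJECT IDENTIFIER tag

def der_to_oid(der):
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated final arc")
    values, n, start = [], 0, True
    for b in body:
        if start and b == 0x80:
            raise ValueError("non-minimal arc encoding")  # padded arcs can alias an OID
        n = (n << 7) | (b & 0x7F)
        start = not (b & 0x80)
        if start:
            values.append(n)
            n = 0
    first = min(values[0] // 40, 2)             # first octet packs arcs 1 and 2
    return ".".join(str(a) for a in [first, values[0] - 40 * first] + values[1:])

PKIX = "1.3.6.1.5.5.7"            # arc quoted in the reply
ID_MOD_88 = PKIX + ".0.2"         # { pkix id-mod(0) id-pkix1-implicit-88(2) }
SUBJECT_KEY_ID = "2.5.29.14"      # { id-ce 14 }, with id-ce = 2.5.29 (RFC 2459)

if __name__ == "__main__":
    for name in (PKIX, ID_MOD_88, SUBJECT_KEY_ID):
        print(name, oid_to_der(name).hex())
```

Because every implementation derives the same bytes from the same arcs, a name given in `[ new_oids ]` is only a local label; the dotted value is what other software will see.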
