From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc7229.txt | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 doc/rfc/rfc7229.txt (limited to 'doc/rfc/rfc7229.txt') diff --git a/doc/rfc/rfc7229.txt b/doc/rfc/rfc7229.txt new file mode 100644 index 0000000..7695086 --- /dev/null +++ b/doc/rfc/rfc7229.txt @@ -0,0 +1,227 @@ + + + + + + +Internet Engineering Task Force (IETF) R. Housley +Request for Comments: 7229 Vigil Security +Category: Informational May 2014 +ISSN: 2070-1721 + + + Object Identifiers for Test Certificate Policies + +Abstract + + This document provides several certificate policy identifiers for + testing certificate handling software. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Not all documents + approved by the IESG are a candidate for any level of Internet + Standard; see Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc7229. + +Copyright Notice + + Copyright (c) 2014 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + + + + + +Housley Informational [Page 1] + +RFC 7229 PKIX TEST OIDs May 2014 + + +1. Introduction + + This document provides several certificate policy identifiers for + testing certificate handling software. These certificate policy + identifiers are not intended for use in the public Internet. + + The certificate policy identifiers provided in this document are + consistent with the certificate profile specified in [RFC5280]. They + are appropriate for testing the certificate policy processing, + especially the handling of the certificate policy extension, the + policy constraints extension, and the policy mapping extension. + +2. Certificate Policy Identifiers for Testing + + The following certificate policy identifiers are provided for testing + certificate handling software. ASN.1 [ASN1-2008] object identifiers + are used to name certificate policies. + + id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) } + + id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 } + + -- Object Identifiers used ONLY for TESTING + id-TEST-certPolicyOne OBJECT IDENTIFIER ::= { id-TEST 1 } + id-TEST-certPolicyTwo OBJECT IDENTIFIER ::= { id-TEST 2 } + id-TEST-certPolicyThree OBJECT IDENTIFIER ::= { id-TEST 3 } + id-TEST-certPolicyFour OBJECT IDENTIFIER ::= { id-TEST 4 } + id-TEST-certPolicyFive OBJECT IDENTIFIER ::= { id-TEST 5 } + id-TEST-certPolicySix OBJECT IDENTIFIER ::= { id-TEST 6 } + id-TEST-certPolicySeven OBJECT IDENTIFIER ::= { id-TEST 7 } + id-TEST-certPolicyEight OBJECT IDENTIFIER ::= { id-TEST 8 } + +3. Security Considerations + + This specification does not identify particular certificate policies + for use in the Internet public key infrastructure. The actual + policies used for production certificates can have a significant + impact on the confidence that one can place in the certificate. No + confidence should be placed in any certificate that makes use of + these certificate policy identifiers, since they are intended only + for testing. + +4. IANA Considerations + + The object identifiers used in this document are defined in an arc + delegated by IANA to the PKIX Working Group. No further action by + IANA is necessary for this document or any anticipated updates. + + + +Housley Informational [Page 2] + +RFC 7229 PKIX TEST OIDs May 2014 + + +5. Normative References + + [ASN1-2008] International Telecommunications Union, "Abstract Syntax + Notation One (ASN.1): Specification of basic notation", + ITU-T Recommendation X.680, November 2008. + + [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., + Housley, R., and W. Polk, "Internet X.509 Public Key + Infrastructure Certificate and Certificate Revocation + List (CRL) Profile", RFC 5280, May 2008. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Housley Informational [Page 3] + +RFC 7229 PKIX TEST OIDs May 2014 + + +Appendix A. ASN.1 Module + + This appendix provides the certificate policy identifiers (object + identifiers) in an ASN.1 module. No fancy structures are needed, so + this module is compatible with [ASN1-2008]. + + PKIXTestCertPolicies { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-TEST-certPolicies(83) } + + DEFINITIONS IMPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL -- + -- IMPORTS NONE -- + + id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) } + + id-TEST OBJECT IDENTIFIER ::= { id-pkix 13 } + + -- Object Identifiers used ONLY for TESTING + id-TEST-certPolicyOne OBJECT IDENTIFIER ::= { id-TEST 1 } + id-TEST-certPolicyTwo OBJECT IDENTIFIER ::= { id-TEST 2 } + id-TEST-certPolicyThree OBJECT IDENTIFIER ::= { id-TEST 3 } + id-TEST-certPolicyFour OBJECT IDENTIFIER ::= { id-TEST 4 } + id-TEST-certPolicyFive OBJECT IDENTIFIER ::= { id-TEST 5 } + id-TEST-certPolicySix OBJECT IDENTIFIER ::= { id-TEST 6 } + id-TEST-certPolicySeven OBJECT IDENTIFIER ::= { id-TEST 7 } + id-TEST-certPolicyEight OBJECT IDENTIFIER ::= { id-TEST 8 } + + END + +Author's Address + + Russell Housley + Vigil Security, LLC + 918 Spring Knoll Drive + Herndon, VA 20170 + USA + + EMail: housley@vigilsec.com + + + + + + + + +Housley Informational [Page 4] + -- cgit v1.2.3