Add RPKI OIDs to dumpasn1.cfg

svn path=/pow/POW-0.7/dumpasn1.cfg; revision=1684
author: Rob Austein <sra@hactrn.net> 2008-04-20 08:38:11 +0000
committer: Rob Austein <sra@hactrn.net> 2008-04-20 08:38:11 +0000
commit: 2e30f96bfd94b3831c31e18e7d4fbdcf38dd0103 (patch)
tree: af095ebe8841849bdab1270bdacde79a99b66939
parent: 2f7d52b734f01869c6b2a9186700b0deaa054dcd (diff)
2 files changed, 358 insertions, 120 deletions
diff --git a/pow/POW-0.7/dumpasn1.cfg b/pow/POW-0.7/dumpasn1.cfg
index fb44501d..a653f049 100644
--- a/pow/POW-0.7/dumpasn1.cfg
+++ b/pow/POW-0.7/dumpasn1.cfg
@@ -510,7 +510,7 @@ OID = 06 07 02 82 06 01 0A 07 28
 Comment = Telesec attribute
 Description = ktKeyData (0 2 262 1 10 7 40)
 
-OID = 06 07 02 82 06 01 0A 07 2A
+OID = 06 07 02 82 06 01 0A 07 29
 Comment = Telesec attribute
 Description = ktKeyNumber (0 2 262 1 10 7 41)
 
@@ -546,7 +546,7 @@ OID = 06 06 02 82 06 01 0A 0C
 Comment = Telesec
 Description = certAndCrlExtensionDefinitions (0 2 262 1 10 12)
 
-# ISIS-MTT SigG-Profile: Indicates that an attribute certificate 
+# ISIS-MTT SigG-Profile: Indicates that an attribute certificate
 # exists, which limits the usability of this public key certificate.
 OID = 06 07 02 82 06 01 0A 0C 00
 Comment = Telesec cert/CRL extension
@@ -576,7 +576,7 @@ OID = 06 07 02 82 06 01 0A 0C 06
 Comment = Telesec cert/CRL extension
 Description = telesecNamingAuthorityExt (0 2 262 1 10 12 6)
 
-# BSI e-Pass (TR-03110/TR-03111).  TA = Terminal Authentication (Passport 
+# BSI e-Pass (TR-03110/TR-03111).  TA = Terminal Authentication (Passport
 # PKI with monthly global cert updates), CA = Chip Authentication
 # (Auth using static [EC]DH).
 
@@ -608,11 +608,11 @@ OID = 06 0A 04 00 7F 00 07 01 01 02 03 01
 Comment = BSI TR-03111
 Description = bsiGnBasis (0 4 0 127 0 7 1 1 2 3 1)
 
-OID = 06 09 04 00 7F 00 07 01 01 02 03 02
+OID = 06 0A 04 00 7F 00 07 01 01 02 03 02
 Comment = BSI TR-03111
 Description = bsiTpBasis (0 4 0 127 0 7 1 1 2 3 2)
 
-OID = 06 09 04 00 7F 00 07 01 01 02 03 03
+OID = 06 0A 04 00 7F 00 07 01 01 02 03 03
 Comment = BSI TR-03111
 Description = bsiPpBasis (0 4 0 127 0 7 1 1 2 3 3)
 
@@ -805,7 +805,7 @@ Description = Signet policyIdentifier (1 2 36 68980861 1 1 20)
 
 # Mitsubishi
 
-OID = 06 0A 2A 83 08 8C 1A 4B 3D 01 01 01
+OID = 06 0A 2A 83 08 8C 9A 4B 3D 01 01 01
 Comment = Mitsubishi security algorithm
 Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1)
 
@@ -873,11 +873,11 @@ OID = 06 06 2A 86 48 CE 38 03
 Comment = ANSI X9.57
 Description = attribute (1 2 840 10040 3)
 
-OID = 06 06 2A 86 48 CE 38 03 01
+OID = 06 07 2A 86 48 CE 38 03 01
 Comment = ANSI X9.57 attribute
 Description = countersignature (1 2 840 10040 3 1)
 
-OID = 06 06 2A 86 48 CE 38 03 02
+OID = 06 07 2A 86 48 CE 38 03 02
 Comment = ANSI X9.57 attribute
 Description = attribute-cert (1 2 840 10040 3 2)
 
@@ -1157,7 +1157,7 @@ Description = passwordBasedMac (1 2 840 113533 7 66 13)
 OID = 06 08 2A 86 48 86 F6 7D 07 43
 Description = nsn-oc (1 2 840 113533 7 67)
 
-OID = 06 09 2A 86 48 86 F6 7D 07 43 0C
+OID = 06 09 2A 86 48 86 F6 7D 07 43 00
 Comment = Nortel Secure Networks oc
 Description = entrustUser (1 2 840 113533 7 67 0)
 
@@ -1201,9 +1201,11 @@ OID = 06 09 2A 86 48 86 F7 0D 01 01 07
 Comment = PKCS #1
 Description = rsaOAEP (1 2 840 113549 1 1 7)
 
+# This is also used with PSS so it's given the more general label 'pkcs1-XXX'
+# rather than 'rsaOAEP-XXX'.
 OID = 06 09 2A 86 48 86 F7 0D 01 01 08
 Comment = PKCS #1
-Description = rsaOAEP-MGF (1 2 840 113549 1 1 8)
+Description = pkcs1-MGF (1 2 840 113549 1 1 8)
 
 OID = 06 09 2A 86 48 86 F7 0D 01 01 09
 Comment = PKCS #1
@@ -1227,8 +1229,8 @@ Description = sha512WithRSAEncryption (1 2 840 113549 1 1 13)
 
 # There is some confusion over the identity of the following OID.  The OAEP
 # one is more recent, but independant vendors have already used the RIPEMD
-# one, however it's likely that SET will be a bigger hammer (at least as a
-# standard) so we report it as that.
+# one, however it's likely that the SET usage will claim to be more
+# authoritative so we report it as that.
 OID = 06 09 2A 86 48 86 F7 0D 01 01 06
 Comment = PKCS #1.  This OID may also be assigned as ripemd160WithRSAEncryption
 Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6)
@@ -1236,7 +1238,7 @@ Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6)
 
 # BSAFE/PKCS #2 (obsolete)
 
-OID = 06 08 2A 86 48 86 F7 0D 01 01
+OID = 06 08 2A 86 48 86 F7 0D 01 02
 Comment = Obsolete BSAFE OID
 Description = bsafeRsaEncr (1 2 840 113549 1 2)
 Warning
@@ -1244,7 +1246,7 @@ Warning
 # PKCS #3
 
 OID = 06 08 2A 86 48 86 F7 0D 01 03
-Description = pkcs-3
+Description = pkcs-3 (1 2 840 113549 1 3)
 
 OID = 06 09 2A 86 48 86 F7 0D 01 03 01
 Comment = PKCS #3
@@ -1253,7 +1255,7 @@ Description = dhKeyAgreement (1 2 840 113549 1 3 1)
 # PKCS #5
 
 OID = 06 08 2A 86 48 86 F7 0D 01 05
-Description = pkcs-5
+Description = pkcs-5 (1 2 840 113549 1 5)
 
 OID = 06 09 2A 86 48 86 F7 0D 01 05 01
 Comment = PKCS #5
@@ -1295,7 +1297,7 @@ Description = pkcs5PBMAC1 (1 2 840 113549 1 5 14)
 # PKCS #7
 
 OID = 06 08 2A 86 48 86 F7 0D 01 07
-Description = pkcs-7
+Description = pkcs-7 (1 2 840 113549 1 7)
 
 OID = 06 09 2A 86 48 86 F7 0D 01 07 01
 Comment = PKCS #7
@@ -1801,11 +1803,11 @@ Description = pkcs7PDU (1 2 840 113549 1 9 25 5)
 
 OID = 06 09 2A 86 48 86 F7 0D 01 09 1A
 Comment = PKCS #9/RFC 2985
-Description = pkcs9syntax (1 2 840 113549 1 9 1A)
+Description = pkcs9syntax (1 2 840 113549 1 9 26)
 
 OID = 06 09 2A 86 48 86 F7 0D 01 09 1B
 Comment = PKCS #9/RFC 2985
-Description = pkcs9matchingRules (1 2 840 113549 1 9 1B)
+Description = pkcs9matchingRules (1 2 840 113549 1 9 27)
 
 # PKCS #12.  Note that current PKCS #12 implementations tend to be strange and
 # peculiar, with implementors misusing OIDs or basing their work on earlier PFX
@@ -1896,7 +1898,7 @@ Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)
 # The following are from PFX.  The ... 5 1 values have been reassigned to OIDs
 # with incompatible algorithms at ... 1, the 5 2 values seem to have vanished.
 OID = 06 09 2A 86 48 86 F7 0D 01 0C 05
-Description = pkcs-12-OID
+Description = pkcs-12-OID (1 2 840 113549 1 12 5)
 Warning
 
 OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01
@@ -1940,8 +1942,8 @@ Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7)
 Warning
 
 OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02
-Description = pkcs-12-EnvelopingID.  Deprecated, use the conventional PKCS #1 OIDs instead
-Warning
+Comment = PKCS #12 OID.  Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2)
 
 OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01
 Comment = PKCS #12 OID EnvelopingID.  Deprecated, use the conventional PKCS #1 OIDs instead
@@ -1959,7 +1961,8 @@ Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3)
 Warning
 
 OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03
-Description = pkcs-12-SignatureID.  Deprecated, use the conventional PKCS #1 OIDs instead
+Comment = PKCS #12 OID EnvelopingID.  Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-SignatureID (1 2 840 113549 1 12 5 3)
 Warning
 
 OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01
@@ -1970,10 +1973,10 @@ Warning
 # Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different
 # order than the last redefinition at ... 12 3.
 OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A
-Description = pkcs-12Version1
+Description = pkcs-12Version1 (1 2 840 113549 1 12 10)
 
 OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01
-Description = pkcs-12BadIds
+Description = pkcs-12BadIds (1 2 840 113549 1 12 10 1)
 
 OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01
 Comment = PKCS #12 BagIds
@@ -2020,7 +2023,7 @@ Description = pkcs15content (1 2 840 113549 1 15 3 1)
 # RSADSI digest algorithms
 
 OID = 06 07 2A 86 48 86 F7 0D 02
-Description = digestAlgorithm
+Description = digestAlgorithm (1 2 840 113549 2)
 
 OID = 06 08 2A 86 48 86 F7 0D 02 02
 Comment = RSADSI digestAlgorithm
@@ -2038,26 +2041,26 @@ OID = 06 08 2A 86 48 86 F7 0D 02 07
 Comment = RSADSI digestAlgorithm
 Description = hmacWithSHA1 (1 2 840 113549 2 7)
 
-OID = 06 08 2A 86 48 86 F7 0D 02 07
+OID = 06 08 2A 86 48 86 F7 0D 02 08
 Comment = RSADSI digestAlgorithm
 Description = hmacWithSHA224 (1 2 840 113549 2 8)
 
-OID = 06 08 2A 86 48 86 F7 0D 02 07
+OID = 06 08 2A 86 48 86 F7 0D 02 09
 Comment = RSADSI digestAlgorithm
 Description = hmacWithSHA256 (1 2 840 113549 2 9)
 
-OID = 06 08 2A 86 48 86 F7 0D 02 07
+OID = 06 08 2A 86 48 86 F7 0D 02 0A
 Comment = RSADSI digestAlgorithm
 Description = hmacWithSHA384 (1 2 840 113549 2 10)
 
-OID = 06 08 2A 86 48 86 F7 0D 02 07
+OID = 06 08 2A 86 48 86 F7 0D 02 0B
 Comment = RSADSI digestAlgorithm
 Description = hmacWithSHA512 (1 2 840 113549 2 11)
 
 # RSADSI encryption algorithms
 
 OID = 06 07 2A 86 48 86 F7 0D 03
-Description = encryptionAlgorithm
+Description = encryptionAlgorithm (1 2 840 113549 3)
 
 OID = 06 08 2A 86 48 86 F7 0D 03 02
 Comment = RSADSI encryptionAlgorithm
@@ -2107,9 +2110,13 @@ Description = identrusOCSP (1 2 840 114021 4 1)
 
 # Microsoft (both 1 2 840 and 1 3 6 1 4 1 arcs)
 
+OID = 06 0A 2A 86 48 86 F7 14 01 02 81 71
+Comment = Microsoft Exchange Server - attribute
+Description = deliveryMechanism (1 2 840 113556 1 2 241)
+
 OID = 06 09 2A 86 48 86 F7 14 01 03 00
 Comment = Microsoft Exchange Server - object class
-Description = site-Addressing (1 2 840 113556 1 3 00)
+Description = site-Addressing (1 2 840 113556 1 3 0)
 
 OID = 06 09 2A 86 48 86 F7 14 01 03 0D
 Comment = Microsoft Exchange Server - object class
@@ -2121,7 +2128,7 @@ Description = attributeSchema (1 2 840 113556 1 3 14)
 
 OID = 06 09 2A 86 48 86 F7 14 01 03 11
 Comment = Microsoft Exchange Server - object class
-Description = mailbox-Agent (1 2 840 113556 1 3 174)
+Description = mailbox-Agent (1 2 840 113556 1 3 17)
 
 OID = 06 09 2A 86 48 86 F7 14 01 03 16
 Comment = Microsoft Exchange Server - object class
@@ -2135,9 +2142,101 @@ OID = 06 09 2A 86 48 86 F7 14 01 03 2E
 Comment = Microsoft Exchange Server - object class
 Description = mailRecipient (1 2 840 113556 1 3 46)
 
-OID = 06 09 2A 86 48 86 F7 14 01 02 81 71
-Comment = Microsoft Exchange Server - attribute
-Description = deliveryMechanism (1 2 840 113556 1 2 241)
+OID = 06 0A 2A 86 48 86 F7 14 01 02 82 19
+Comment = Microsoft Cert Template - attribute
+Description = ntSecurityDescriptor (1 2 840 113556 1 2 281)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 81 11
+Comment = Microsoft Cert Template - attribute
+Description = revision (1 2 840 113556 1 4 145)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 2F
+Comment = Microsoft Cert Template - attribute
+Description = pKIDefaultKeySpec (1 2 840 113556 1 4 1327)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 30
+Comment = Microsoft Cert Template - attribute
+Description = pKIKeyUsage (1 2 840 113556 1 4 1328)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 31
+Comment = Microsoft Cert Template - attribute
+Description = pKIMaxIssuingDepth (1 2 840 113556 1 4 1329)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 32
+Comment = Microsoft Cert Template - attribute
+Description = pKICriticalExtensions (1 2 840 113556 1 4 1330)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 33
+Comment = Microsoft Cert Template - attribute
+Description = pKIExpirationPeriod (1 2 840 113556 1 4 1331)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 34
+Comment = Microsoft Cert Template - attribute
+Description = pKIOverlapPeriod (1 2 840 113556 1 4 1332)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 35
+Comment = Microsoft Cert Template - attribute
+Description = pKIExtendedKeyUsage (1 2 840 113556 1 4 1333)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 36
+Comment = Microsoft Cert Template - attribute
+Description = pKIDefaultCSPs (1 2 840 113556 1 4 1334)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8A 37
+Comment = Microsoft Cert Template - attribute
+Description = pKIEnrollmentAccess (1 2 840 113556 1 4 1335)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 15
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-RA-Signature (1 2 840 113556 1 4 1429)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 16
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Enrollment-Flag (1 2 840 113556 1 4 1430)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 17
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Private-Key-Flag (1 2 840 113556 1 4 1431)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 18
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Certificate-Name-Flag (1 2 840 113556 1 4 1432)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 19
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Minimal-Key-Size (1 2 840 113556 1 4 1433)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 1A
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Template-Schema-Version (1 2 840 113556 1 4 1434)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 1B
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Template-Minor-Revision (1 2 840 113556 1 4 1435)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 1C
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Cert-Template-OID (1 2 840 113556 1 4 1436)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 1D
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Supersede-Templates (1 2 840 113556 1 4 1437)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 1E
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-RA-Policies (1 2 840 113556 1 4 1438)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8B 1F
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Certificate-Policy (1 2 840 113556 1 4 1439)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8D 0A
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-Certificate-Application-Policy (1 2 840 113556 1 4 1674)
+
+OID = 06 0A 2A 86 48 86 F7 14 01 04 8D 0B
+Comment = Microsoft Cert Template - attribute
+Description = msPKI-RA-Application-Policies (1 2 840 113556 1 4 1675)
 
 OID = 06 08 2A 86 48 86 F7 14 04 03
 Comment = Microsoft
@@ -2243,6 +2342,16 @@ OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01
 Comment = Microsoft attribute
 Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)
 
+# Certificate signing a renewal request
+OID = 06 09 2B 06 01 04 01 82 37 0D 01
+Comment = Microsoft attribute
+Description = renewalCertificate (1 3 6 1 4 1 311 13 1)
+
+# Name-and-value string pairs
+OID = 06 0A 2B 06 01 04 01 82 37 0D 02 01
+Comment = Microsoft attribute
+Description = enrolmentNameValuePair (1 3 6 1 4 1 311 13 2 1)
+
 # CAPI cert enrolment CSP, contains a BMPString describing the CAPI level and
 # a BIT STRING blob containing a key spec
 OID = 06 0A 2B 06 01 04 01 82 37 0D 02 02
@@ -2260,6 +2369,14 @@ OID = 06 09 2B 06 01 04 01 82 37 10 04
 Comment = Microsoft attribute
 Description = microsoftRecipientInfo (1 3 6 1 4 1 311 16 4)
 
+OID = 06 09 2B 06 01 04 01 82 37 14 02
+Comment = Microsoft CAPICOM certificate template, V1
+Description = enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 14 02 03
+Comment = Microsoft UPN
+Description = universalPrincipalName (1 3 6 1 4 1 311 20 2 3)
+
 # Win2K CA certificate key/cert counter, high 16 bits = key index, low 16 bits
 # = cert index.  Key index is inc'd when a CA gets a new key, cert index is
 # inc'd when a CA gets a new cert (ie recertifies a current key).  This
@@ -2270,9 +2387,17 @@ OID = 06 09 2B 06 01 04 01 82 37 15 01
 Comment = Microsoft attribute
 Description = cAKeyCertIndexPair (1 3 6 1 4 1 311 21 1)
 
-OID = 06 09 2B 06 01 04 01 82 37 14 02
-Comment = Microsoft CAPICOM certificate template, V1
-Description = enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)
+# EKU: Encryption certificate for sending the private key to the CA
+OID = 06 09 2B 06 01 04 01 82 37 15 05
+Comment = Microsoft extended key usage
+Description = caExchange (1 3 6 1 4 1 311 21 5)
+Warning
+
+# EKU: keyRecovery
+OID = 06 09 2B 06 01 04 01 82 37 15 06
+Comment = Microsoft extended key usage
+Description = keyRecovery (1 3 6 1 4 1 311 21 6)
+Warning
 
 OID = 06 09 2B 06 01 04 01 82 37 15 07
 Comment = Microsoft CAPICOM certificate template, V2
@@ -2285,6 +2410,38 @@ Description = certificateTemplate (1 3 6 1 4 1 311 21 7)
 # Comment = Microsoft braindamage
 # Description = autoEnrollEFS (1 3 6 1 4 1 311 21 8 x x x x x x)
 
+# Encrypted private key
+OID = 06 09 2B 06 01 04 01 82 37 15 0D
+Comment = Microsoft attribute
+Description = archivedKey (1 3 6 1 4 1 311 21 13)
+
+# Identity of the client application/ActiveX control, user, and machine
+# that generated the request
+OID = 06 09 2B 06 01 04 01 82 37 15 14
+Comment = Microsoft attribute
+Description = requestClientInfo (1 3 6 1 4 1 311 21 20)
+
+# Hash of private key
+OID = 06 09 2B 06 01 04 01 82 37 15 15
+Comment = Microsoft attribute
+Description = encryptedKeyHash (1 3 6 1 4 1 311 21 21)
+
+# EKU: Health (= proof of compliance with system security policy) certificate
+# (This may also be a policy OID rather than an EKU OID)
+OID = 06 0A 2B 06 01 04 01 82 37 2F 01 01
+Comment = Microsoft extended key usage
+Description = systemHealth (1 3 6 1 4 1 311 47 1 1)
+
+# EKU: Extended health (= proof of compliance with system security policy)
+# certificate   This is an interesting example of the triumph of politics
+# over security, the "Health" key usage is meant to indicate compliance with
+# a system or corporate security policy, and this key usage is for systems
+# that don't comply with the policy but that need a "Health" certificate
+# anyway
+OID = 06 0A 2B 06 01 04 01 82 37 2F 01 03
+Comment = Microsoft extended key usage
+Description = systemHealthLoophole (1 3 6 1 4 1 311 47 1 3)
+
 # CAPICOM original filename (something to do with signed files?)
 OID = 06 0A 2B 06 01 04 01 82 37 58 02 01
 Comment = Microsoft attribute
@@ -2452,11 +2609,11 @@ Description = eciaNonEdi (1 3 6 1 4 1 3576 9)
 
 # Timeproof (www.timeproof.de)
 
-OID = 06 09 2B 06 01 04 01 AA 60
+OID = 06 07 2B 06 01 04 01 AA 60
 Comment = enterprise
 Description = timeproof (1 3 6 1 4 1 5472)
 
-OID = 06 09 2B 06 01 04 01 AA 60 01
+OID = 06 08 2B 06 01 04 01 AA 60 01
 Comment = timeproof
 Description = tss (1 3 6 1 4 1 5472 1)
 
@@ -2464,11 +2621,11 @@ OID = 06 09 2B 06 01 04 01 AA 60 01 01
 Comment = timeproof TSS
 Description = tss80 (1 3 6 1 4 1 5472 1 1)
 
-OID = 06 09 2B 06 01 04 01 AA 60 01 01
+OID = 06 09 2B 06 01 04 01 AA 60 01 02
 Comment = timeproof TSS
 Description = tss380 (1 3 6 1 4 1 5472 1 2)
 
-OID = 06 09 2B 06 01 04 01 AA 60 01 01
+OID = 06 09 2B 06 01 04 01 AA 60 01 03
 Comment = timeproof TSS
 Description = tss400 (1 3 6 1 4 1 5472 1 3)
 
@@ -2614,7 +2771,7 @@ Description = ngcClass3 (1 3 6 1 4 1 16334 509 2 3)
 OID = 06 06 2B 06 01 05 05 07
 Description = pkix (1 3 6 1 5 5 7)
 
-OID = 06 06 2B 06 01 05 05 07
+OID = 06 08 2B 06 01 05 05 07 00 0C
 Comment = PKIX
 Description = attributeCert (1 3 6 1 5 5 7 0 12)
 
@@ -2666,6 +2823,10 @@ OID = 06 08 2B 06 01 05 05 07 01 0B
 Comment = PKIX private extension
 Description = subjectInfoAccess (1 3 6 1 5 5 7 1 11)
 
+OID = 06 08 2B 06 01 05 05 07 01 0C
+Comment = PKIX private extension
+Description = logoType (1 3 6 1 5 5 7 1 12)
+
 OID = 06 07 2B 06 01 05 05 07 02
 Comment = PKIX
 Description = policyQualifierIds (1 3 6 1 5 5 7 2)
@@ -2832,7 +2993,7 @@ Description = protocolEncrKey (1 3 6 1 5 5 7 5 1 6)
 
 OID = 06 09 2B 06 01 05 05 07 05 01 07
 Comment = PKIX CRMF registration control
-Description = altCertTemplate(1 3 6 1 5 5 7 5 1 7)
+Description = altCertTemplate (1 3 6 1 5 5 7 5 1 7)
 
 OID = 06 09 2B 06 01 05 05 07 05 01 08
 Comment = PKIX CRMF registration control
@@ -2840,7 +3001,7 @@ Description = wtlsTemplate (1 3 6 1 5 5 7 5 1 8)
 
 OID = 06 08 2B 06 01 05 05 07 05 02
 Comment = PKIX CRMF registration
-Description = (1 3 6 1 5 5 7 5 2)
+Description = utf8Pairs (1 3 6 1 5 5 7 5 2)
 
 OID = 06 09 2B 06 01 05 05 07 05 02 01
 Comment = PKIX CRMF registration control
@@ -2946,6 +3107,18 @@ OID = 06 08 2B 06 01 05 05 07 0B 01
 Comment = PKIX qualified certificates
 Description = pkixQCSyntax-v1 (1 3 6 1 5 5 7 11 1)
 
+OID = 06 07 2B 06 01 05 05 07 14
+Comment = PKIX qualified certificates
+Description = logo (1 3 6 1 5 5 7 20)
+
+OID = 06 08 2B 06 01 05 05 07 14 01
+Comment = PKIX
+Description = logoLoyalty (1 3 6 1 5 5 7 20 1)
+
+OID = 06 08 2B 06 01 05 05 07 14 02
+Comment = PKIX
+Description = logoBackground (1 3 6 1 5 5 7 20 2)
+
 # OCSP
 
 OID = 06 08 2B 06 01 05 05 07 30 01
@@ -3026,11 +3199,11 @@ OID = 06 07 2B 0C 02 87 73 07 02
 Comment = DASS algorithm
 Description = decHashAlgorithm (1 3 12 2 1011 7 2)
 
-OID = 06 07 2B 0C 02 87 73 07 02 01
+OID = 06 08 2B 0C 02 87 73 07 02 01
 Comment = DASS hash algorithm
 Description = decMD2 (1 3 12 2 1011 7 2 1)
 
-OID = 06 07 2B 0C 02 87 73 07 02 02
+OID = 06 08 2B 0C 02 87 73 07 02 02
 Comment = DASS hash algorithm
 Description = decMD4 (1 3 12 2 1011 7 2 2)
 
@@ -3038,15 +3211,15 @@ OID = 06 07 2B 0C 02 87 73 07 03
 Comment = DASS algorithm
 Description = decSignatureAlgorithm (1 3 12 2 1011 7 3)
 
-OID = 06 07 2B 0C 02 87 73 07 03 01
+OID = 06 08 2B 0C 02 87 73 07 03 01
 Comment = DASS signature algorithm
 Description = decMD2withRSA (1 3 12 2 1011 7 3 1)
 
-OID = 06 07 2B 0C 02 87 73 07 03 02
+OID = 06 08 2B 0C 02 87 73 07 03 02
 Comment = DASS signature algorithm
 Description = decMD4withRSA (1 3 12 2 1011 7 3 2)
 
-OID = 06 07 2B 0C 02 87 73 07 03 03
+OID = 06 08 2B 0C 02 87 73 07 03 03
 Comment = DASS signature algorithm
 Description = decDEAMAC (1 3 12 2 1011 7 3 3)
 
@@ -3379,7 +3552,7 @@ Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)
 OID = 06 09 2B 24 03 03 01 01 87 00 02
 Comment = Teletrust signature algorithm
-Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2)
+Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 896 2)
 OID = 06 09 2B 24 03 03 01 01 88 00 02
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)
@@ -3428,19 +3601,19 @@ Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9)
 OID = 06 09 2B 24 03 03 01 01 88 00 09
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9)
-OID = 06 09 2B 24 03 03 01 01 84 00 11
+OID = 06 09 2B 24 03 03 01 01 84 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11)
-OID = 06 09 2B 24 03 03 01 01 85 00 11
+OID = 06 09 2B 24 03 03 01 01 85 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11)
-OID = 06 09 2B 24 03 03 01 01 86 00 11
+OID = 06 09 2B 24 03 03 01 01 86 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11)
-OID = 06 09 2B 24 03 03 01 01 87 00 11
+OID = 06 09 2B 24 03 03 01 01 87 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11)
-OID = 06 09 2B 24 03 03 01 01 88 00 11
+OID = 06 09 2B 24 03 03 01 01 88 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11)
 
@@ -3459,7 +3632,7 @@ Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2)
 OID = 06 09 2B 24 03 03 01 02 87 00 02
 Comment = Teletrust signature algorithm
-Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2)
+Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 896 2)
 OID = 06 09 2B 24 03 03 01 02 88 00 02
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2)
@@ -3508,19 +3681,19 @@ Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9)
 OID = 06 09 2B 24 03 03 01 02 88 00 09
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9)
-OID = 06 09 2B 24 03 03 01 02 84 00 11
+OID = 06 09 2B 24 03 03 01 02 84 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11)
-OID = 06 09 2B 24 03 03 01 02 85 00 11
+OID = 06 09 2B 24 03 03 01 02 85 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11)
-OID = 06 09 2B 24 03 03 01 02 86 00 11
+OID = 06 09 2B 24 03 03 01 02 86 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11)
-OID = 06 09 2B 24 03 03 01 02 87 00 11
+OID = 06 09 2B 24 03 03 01 02 87 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11)
-OID = 06 09 2B 24 03 03 01 02 88 00 11
+OID = 06 09 2B 24 03 03 01 02 88 00 0B
 Comment = Teletrust signature algorithm
 Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11)
 
@@ -3564,7 +3737,7 @@ OID = 06 05 2B 24 03 04 02
 Comment = Teletrust signature scheme
 Description = sigS_ISO9796-2 (1 3 36 3 4 2)
 
-OID = 06 05 2B 24 03 04 02 01
+OID = 06 06 2B 24 03 04 02 01
 Comment = Teletrust signature scheme.  Unsure what this is supposed to be
 Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1)
 
@@ -3682,86 +3855,87 @@ Description = rechtWirtschaftSteuern (1 3 36 8 3 11 1)
 
 OID = 06 07 2B 24 08 03 0B 01 01
 Comment = Teletrust ProfessionInfo
-Description = rechtsanwaeltin (1 3 36 8 3 11 1)
+Description = rechtsanwaeltin (1 3 36 8 3 11 1 1)
 
 OID = 06 07 2B 24 08 03 0B 01 02
 Comment = Teletrust ProfessionInfo
-Description = rechtsanwalt (1 3 36 8 3 11 2)
+Description = rechtsanwalt (1 3 36 8 3 11 1 2)
 
 OID = 06 07 2B 24 08 03 0B 01 03
 Comment = Teletrust ProfessionInfo
-Description = rechtsbeistand (1 3 36 8 3 11 3)
+Description = rechtsBeistand (1 3 36 8 3 11 1 3)
 
 OID = 06 07 2B 24 08 03 0B 01 04
 Comment = Teletrust ProfessionInfo
-Description = steuerberaterin (1 3 36 8 3 11 4)
+Description = steuerBeraterin (1 3 36 8 3 11 1 4)
 
 OID = 06 07 2B 24 08 03 0B 01 05
 Comment = Teletrust ProfessionInfo
-Description = steuerberater (1 3 36 8 3 11 5)
+Description = steuerBerater (1 3 36 8 3 11 1 5)
 
 OID = 06 07 2B 24 08 03 0B 01 06
 Comment = Teletrust ProfessionInfo
-Description = steuerbevollmaechtigte (1 3 36 8 3 11 6)
+Description = steuerBevollmaechtigte (1 3 36 8 3 11 1 6)
 
 OID = 06 07 2B 24 08 03 0B 01 07
 Comment = Teletrust ProfessionInfo
-Description = steuerbevollmaechtigter (1 3 36 8 3 11 7)
+Description = steuerBevollmaechtigter (1 3 36 8 3 11 1 7)
 
 OID = 06 07 2B 24 08 03 0B 01 08
 Comment = Teletrust ProfessionInfo
-Description = notarin (1 3 36 8 3 11 8)
+Description = notarin (1 3 36 8 3 11 1 8)
 
 OID = 06 07 2B 24 08 03 0B 01 09
 Comment = Teletrust ProfessionInfo
-Description = notar (1 3 36 8 3 11 9)
+Description = notar (1 3 36 8 3 11 1 9)
 
-OID = 06 07 2B 24 08 03 0B 01 10
+OID = 06 07 2B 24 08 03 0B 01 0A
 Comment = Teletrust ProfessionInfo
-Description = notarvertreterin (1 3 36 8 3 11 10)
+Description = notarVertreterin (1 3 36 8 3 11 1 10)
 
-OID = 06 07 2B 24 08 03 0B 01 11
+OID = 06 07 2B 24 08 03 0B 01 0B
 Comment = Teletrust ProfessionInfo
-Description = notarvertreter (1 3 36 8 3 11 11)
+Description = notarVertreter (1 3 36 8 3 11 1 11)
 
-OID = 06 07 2B 24 08 03 0B 01 12
+OID = 06 07 2B 24 08 03 0B 01 0C
 Comment = Teletrust ProfessionInfo
-Description = notariatsverwalterin (1 3 36 8 3 11 12)
+Description = notariatsVerwalterin (1 3 36 8 3 11 1 12)
 
-OID = 06 07 2B 24 08 03 0B 01 13
+OID = 06 07 2B 24 08 03 0B 01 0D
 Comment = Teletrust ProfessionInfo
-Description = notariatsverwalter (1 3 36 8 3 11 13)
+Description = notariatsVerwalter (1 3 36 8 3 11 1 13)
 
-OID = 06 07 2B 24 08 03 0B 01 14
+OID = 06 07 2B 24 08 03 0B 01 0E
 Comment = Teletrust ProfessionInfo
-Description = wirtschaftsprueferin (1 3 36 8 3 11 14)
+Description = wirtschaftsPrueferin (1 3 36 8 3 11 1 14)
 
-OID = 06 07 2B 24 08 03 0B 01 15
+OID = 06 07 2B 24 08 03 0B 01 0F
 Comment = Teletrust ProfessionInfo
-Description = wirtschaftspruefer (1 3 36 8 3 11 15)
+Description = wirtschaftsPruefer (1 3 36 8 3 11 1 15)
 
-OID = 06 07 2B 24 08 03 0B 01 16
+OID = 06 07 2B 24 08 03 0B 01 10
 Comment = Teletrust ProfessionInfo
-Description = vereidigteBuchprueferin (1 3 36 8 3 11 16)
+Description = vereidigteBuchprueferin (1 3 36 8 3 11 1 16)
 
-OID = 06 07 2B 24 08 03 0B 01 17
+OID = 06 07 2B 24 08 03 0B 01 11
 Comment = Teletrust ProfessionInfo
-Description = vereidigterBuchpruefer (1 3 36 8 3 11 17)
+Description = vereidigterBuchpruefer (1 3 36 8 3 11 1 17)
 
-OID = 06 07 2B 24 08 03 0B 01 18
+OID = 06 07 2B 24 08 03 0B 01 12
 Comment = Teletrust ProfessionInfo
-Description = patentanwaeltin (1 3 36 8 3 11 18)
+Description = patentAnwaeltin (1 3 36 8 3 11 1 18)
 
-OID = 06 07 2B 24 08 03 0B 01 19
+OID = 06 07 2B 24 08 03 0B 01 13
 Comment = Teletrust ProfessionInfo
-Description = patentanwalt (1 3 36 8 3 11 19)
+Description = patentAnwalt (1 3 36 8 3 11 1 19)
 
 OID = 06 05 2B 24 08 03 0C
-Comment = Teletrust attribute
+Comment = Teletrust OCSP attribute (obsolete)
 Description = certInDirSince (1 3 36 8 3 12)
+Warning
 
 OID = 06 05 2B 24 08 03 0D
-Comment = Teletrust attribute
+Comment = Teletrust OCSP attribute
 Description = certHash (1 3 36 8 3 13)
 
 OID = 06 05 2B 24 08 03 0E
@@ -4024,7 +4198,7 @@ OID = 06 06 2B 24 08 07 01 2D
 Comment = Teletrust presentation types
 Description = ptWPGrph (1 3 36 8 7 1 45)
 
-# Brainpool ECC Curves.  Note that these fall under the Teletrust ECC 
+# Brainpool ECC Curves.  Note that these fall under the Teletrust ECC
 # signature algorithm arc (ecsieSign, 1 3 36 3 3 2), but they're listed
 # separately here because they were standardised under the Brainpool
 # initiative.
@@ -4095,7 +4269,7 @@ OID = 06 05 2B 65 01 04 01
 Comment = Thawte certificate extension
 Description = strongExtranet (1 3 101 1 4 1)
 
-# SECG (Standards for Efficient Cryptography Group), who are just 
+# SECG (Standards for Efficient Cryptography Group), who are just
 # Certicom "All your curves are belong to us" named elliptic curves
 
 OID = 06 05 2B 81 04 00 01
@@ -4997,15 +5171,15 @@ OID = 06 09 60 86 48 01 65 02 01 02 49
 Comment = SDN.700 INFOSEC format
 Description = mspForwardedMessageParameters (2 16 840 1 101 2 1 2 73)
 
-OID = 06 09 60 86 48 01 65 02 01 02 50
+OID = 06 09 60 86 48 01 65 02 01 02 4A
 Comment = SDN.700 INFOSEC format
 Description = forwardedCSPMsgBodyPart (2 16 840 1 101 2 1 2 74)
 
-OID = 06 09 60 86 48 01 65 02 01 02 51
+OID = 06 09 60 86 48 01 65 02 01 02 4B
 Comment = SDN.700 INFOSEC format
 Description = cspForwardedMessageParameters (2 16 840 1 101 2 1 2 75)
 
-OID = 06 09 60 86 48 01 65 02 01 02 52
+OID = 06 09 60 86 48 01 65 02 01 02 4C
 Comment = SDN.700 INFOSEC format
 Description = mspMMP2 (2 16 840 1 101 2 1 2 76)
 
@@ -5409,15 +5583,15 @@ OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00
 Comment = SDN.700 INFOSEC test objects
 Description = tsp1SecurityCategories (2 16 840 1 101 2 1 12 0 1 0)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 00
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 01 00 00
 Comment = SDN.700 INFOSEC test objects
 Description = tsp1TagSetZero (2 16 840 1 101 2 1 12 0 1 0 0)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 01
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 01 00 01
 Comment = SDN.700 INFOSEC test objects
 Description = tsp1TagSetOne (2 16 840 1 101 2 1 12 0 1 0 1)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 01 00 02
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 01 00 02
 Comment = SDN.700 INFOSEC test objects
 Description = tsp1TagSetTwo (2 16 840 1 101 2 1 12 0 1 0 2)
 
@@ -5429,15 +5603,15 @@ OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00
 Comment = SDN.700 INFOSEC test objects
 Description = tsp2SecurityCategories (2 16 840 1 101 2 1 12 0 2 0)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 00
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 02 00 00
 Comment = SDN.700 INFOSEC test objects
 Description = tsp2TagSetZero (2 16 840 1 101 2 1 12 0 2 0 0)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 01
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 02 00 01
 Comment = SDN.700 INFOSEC test objects
 Description = tsp2TagSetOne (2 16 840 1 101 2 1 12 0 2 0 1)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 02 00 02
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 02 00 02
 Comment = SDN.700 INFOSEC test objects
 Description = tsp2TagSetTwo (2 16 840 1 101 2 1 12 0 2 0 2)
 
@@ -5450,15 +5624,15 @@ OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00
 Comment = SDN.700 INFOSEC test objects
 Description = kafkaSecurityCategories (2 16 840 1 101 2 1 12 0 3 0)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 01
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 03 00 01
 Comment = SDN.700 INFOSEC test objects
 Description = kafkaTagSetName1 (2 16 840 1 101 2 1 12 0 3 0 1)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 02
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 03 00 02
 Comment = SDN.700 INFOSEC test objects
 Description = kafkaTagSetName2 (2 16 840 1 101 2 1 12 0 3 0 2)
 
-OID = 06 0B 60 86 48 01 65 02 01 0C 00 03 00 03
+OID = 06 0C 60 86 48 01 65 02 01 0C 00 03 00 03
 Comment = SDN.700 INFOSEC test objects
 Description = kafkaTagSetName3 (2 16 840 1 101 2 1 12 0 3 0 3)
 
@@ -5714,7 +5888,7 @@ OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 5F
 Comment = Novell digest algorithm
 Description = MD4 (2 16 840 1 113719 1 2 8 95)
 
-OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 81 02
+OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 02
 Comment = Novell keyed hash
 Description = MD4Packet (2 16 840 1 113719 1 2 8 130)
 
@@ -5726,7 +5900,7 @@ OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 04
 Comment = Novell encryption algorithm
 Description = NWPassword (2 16 840 1 113719 1 2 8 132)
 
-OID = 06 0B 60 86 48 01 86 F8 37 01 02 08 81 05
+OID = 06 0C 60 86 48 01 86 F8 37 01 02 08 81 05
 Comment = Novell encryption algorithm
 Description = novellObfuscate-1 (2 16 840 1 113719 1 2 8 133)
 
@@ -6014,11 +6188,11 @@ Description = amount (2 23 42 2 10)
 
 OID = 06 04 67 2A 02 0B
 Comment = SET field
-Description = accountNumber (2 23 42 2 7 11)
+Description = accountNumber (2 23 42 2 11)
 
 OID = 06 04 67 2A 02 0C
 Comment = SET field
-Description = passPhrase (2 23 42 2 7 12)
+Description = passPhrase (2 23 42 2 12)
 
 OID = 06 03 67 2A 03
 Comment = SET
@@ -6276,47 +6450,76 @@ OID = 06 03 67 2A 0A
 Comment = SET
 Description = national (2 23 42 10)
 
-OID = 06 05 67 2A 0A E2 00
+OID = 06 05 67 2A 0A 83 08
 Comment = SET national
 Description = Japan (2 23 42 10 392)
 
 # Draft SET.  These were invented for testing in pre-1.0 drafts, but have
 # been used nonetheless by implementors
 
-OID = 06 04 86 8D 6F 02
+OID = 06 05 81 06 8D 6F 02
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = hashedRootKey (2 54 1775 2)
 Warning
 
-OID = 06 04 86 8D 6F 03
+OID = 06 05 81 06 8D 6F 03
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = certificateType (2 54 1775 3)
 Warning
 
-OID = 06 04 86 8D 6F 04
+OID = 06 05 81 06 8D 6F 04
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = merchantData (2 54 1775 4)
 Warning
 
-OID = 06 04 86 8D 6F 05
+OID = 06 05 81 06 8D 6F 05
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = cardCertRequired (2 54 1775 5)
 Warning
 
-OID = 06 04 86 8D 6F 06
+OID = 06 05 81 06 8D 6F 06
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = tunneling (2 54 1775 6)
 Warning
 
-OID = 06 04 86 8D 6F 07
+OID = 06 05 81 06 8D 6F 07
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = setQualifier (2 54 1775 7)
 Warning
 
-OID = 06 04 86 8D 6F 63
+OID = 06 05 81 06 8D 6F 63
 Comment = SET.  Deprecated, use (2 23 42 7 0) instead
 Description = setData (2 54 1775 99)
 Warning
 
 # End of Fahnenstange
 
+# Local additions
+
+OID = 06 08 2B 06 01 05 05 07 0E 02
+Comment = RPKI project
+Description = id-cp-ipAddr-asNumber (1 3 6 1 5 5 7 14 2)
+
+OID = 06 08 2B 06 01 05 05 07 30 09
+Comment = RPKI project
+Description = id-ad-signedObjectRepository (1 3 6 1 5 5 7 48 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 18
+Comment = RPKI project
+Description = id-ct-routeOriginAttestation (1 2 840 113549 1 9 16 1 24)
+
+OID = 06 08 2B 06 01 05 05 07 30 0A
+Comment = RPKI project
+Description = id-ad-rpkiManifest (1 3 6 1 5 5 7 48 10)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A
+Comment = RPKI project
+Description = id-ct-rpkiManifest (1 2 840 113549 1 9 16 1 26)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1C
+Comment = RPKI project
+Description = id-ct-xml (1 2 840 113549 1 9 16 1 28)
+
+OID = 06 08 2B 06 01 05 05 07 30 0B
+Comment = RPKI project
+Description = id-ad-signedObject (1 3 6 1 5 5 7 48 11)
diff --git a/rpkid/missing-oids.py b/rpkid/missing-oids.py
new file mode 100644
index 00000000..e0667c52
--- /dev/null
+++ b/rpkid/missing-oids.py
@@ -0,0 +1,35 @@
+# $Id$
+
+# Copyright (C) 2008  American Registry for Internet Numbers ("ARIN")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+"""
+Figure out what OIDs from rpki.oids are missing from dumpasn1's database.
+"""
+
+import POW.pkix, rpki.oids
+
+print
+print "# Local additions"
+
+for oid,name in rpki.oids.oid2name.items():
+  try:
+    POW.pkix.oid2obj(oid)
+  except:
+    o = POW.pkix.Oid()
+    o.set(oid)
+    print
+    print "OID =", " ".join(("%02X" % ord(c)) for c in o.toString())
+    print "Comment = RPKI project"
+    print "Description =", name, "(" + " ".join((str(i) for i in oid)) + ")"
author	Rob Austein <sra@hactrn.net>	2008-04-20 08:38:11 +0000
committer	Rob Austein <sra@hactrn.net>	2008-04-20 08:38:11 +0000
commit	2e30f96bfd94b3831c31e18e7d4fbdcf38dd0103 (patch)
tree	af095ebe8841849bdab1270bdacde79a99b66939
parent	2f7d52b734f01869c6b2a9186700b0deaa054dcd (diff)