gecko/security/nss/lib/pki1/oids.txt

# 
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CVS_ID "@(#) $RCSfile: oids.txt,v $ $Revision: 1.3 $ $Date: 2005/02/02 22:28:24 $"

# Fields
#  OID  -- the OID data itself, in dotted-number format
#  TAG  -- the unofficial but common name.  e.g., when written like
#          { joint-iso-ccitt(2) country(16) US(840) company(1) netscape(113730) }
#          those words ("joint-iso-ccitt," "country," etc.) are the tags.
#  EXPL -- a textual explanation, that should stand by itself
#  NAME -- the name we use in our code.  If no NAME is given, it won't be included
#
# Additionally, some sets of OIDs map to some other spaces.. 
# additional fields capture that data:
#
#  CKM  -- the corresponding Cryptoki Mechanism, if any
#  CKK  -- the corresponding Cryptoki Key type, if any
#  ATTR -- the UTF-8 attribute type encoding, if applicable
#          it should be in the standard presentation style (e.g., lowercase),
#          already-escaped a la RFC 2253 if necessary (which would only
#          be necessary if some idiot defined an attribute with, say,
#          an equals sign in it)
#  CERT_EXTENSION -- SUPPORTED or UNSUPPORTED certificate extension, if applicable

# Top of the OID tree -- see http://www.alvestrand.no/objectid/top.html
# 
OID 0
TAG ccitt               # ITU-T used to be called CCITT
EXPL "ITU-T"

# See X.208 Annex C for an explanation of the OIDs below ccitt/itu-t

OID 0.0
TAG recommendation
EXPL "ITU-T Recommendation"

OID 0.1
TAG question
EXPL "ITU-T Question"

OID 0.2
TAG administration
EXPL "ITU-T Administration"

OID 0.3
TAG network-operator
EXPL "ITU-T Network Operator"

OID 0.4
TAG identified-organization
EXPL "ITU-T Identified Organization"

OID 0.9           # used in some RFCs (unofficial!)
TAG data
EXPL "RFC Data"

OID 0.9.2342
TAG pss
EXPL "PSS British Telecom X.25 Network"

OID 0.9.2342.19200300
TAG ucl
EXPL "RFC 1274 UCL Data networks"

OID 0.9.2342.19200300.100
TAG pilot
EXPL "RFC 1274 pilot"

OID 0.9.2342.19200300.100.1
TAG attributeType
EXPL "RFC 1274 Attribute Type"

OID 0.9.2342.19200300.100.1.1
TAG uid
EXPL "RFC 1274 User Id"
NAME NSS_OID_RFC1274_UID
ATTR "uid"

OID 0.9.2342.19200300.100.1.3
TAG mail
EXPL "RFC 1274 E-mail Addres"
NAME NSS_OID_RFC1274_EMAIL
ATTR "mail" # XXX fgmr

OID 0.9.2342.19200300.100.1.25
TAG dc
EXPL "RFC 2247 Domain Component"
NAME NSS_OID_RFC2247_DC
ATTR "dc"

OID 0.9.2342.19200300.100.3
TAG attributeSyntax
EXPL "RFC 1274 Attribute Syntax"

OID 0.9.2342.19200300.100.3.4
TAG iA5StringSyntax
EXPL "RFC 1274 IA5 String Attribute Syntax"

OID 0.9.2342.19200300.100.3.5
TAG caseIgnoreIA5StringSyntax
EXPL "RFC 1274 Case-Ignore IA5 String Attribute Syntax"

OID 0.9.2342.19200300.100.4
TAG objectClass
EXPL "RFC 1274 Object Class"

OID 0.9.2342.19200300.100.10
TAG groups
EXPL "RFC 1274 Groups"

OID 0.9.2342.234219200300 
TAG ucl
EXPL "RFC 1327 ucl"

OID 1
TAG iso
EXPL "ISO"

# See X.208 Annex B for an explanation of the OIDs below iso

OID 1.0
TAG standard
EXPL "ISO Standard"

OID 1.1
TAG registration-authority
EXPL "ISO Registration Authority"

OID 1.2
TAG member-body
EXPL "ISO Member Body"

OID 1.2.36
TAG australia
EXPL "Australia (ISO)"

OID 1.2.158
TAG taiwan
EXPL "Taiwan (ISO)"

OID 1.2.372 
TAG ireland
EXPL "Ireland (ISO)"

OID 1.2.578 
TAG norway
EXPL "Norway (ISO)"

OID 1.2.752 
TAG sweden
EXPL "Sweden (ISO)"

OID 1.2.826 
TAG great-britain
EXPL "Great Britain (ISO)"

OID 1.2.840
TAG us
EXPL "United States (ISO)"

OID 1.2.840.1 
TAG organization
EXPL "US (ISO) organization"

OID 1.2.840.10003
TAG ansi-z30-50
EXPL "ANSI Z39.50"

OID 1.2.840.10008
TAG dicom
EXPL "DICOM"

OID 1.2.840.10017
TAG ieee-1224
EXPL "IEEE 1224"

OID 1.2.840.10022
TAG ieee-802-10
EXPL "IEEE 802.10"

OID 1.2.840.10036
TAG ieee-802-11
EXPL "IEEE 802.11"

OID 1.2.840.10040
TAG x9-57
EXPL "ANSI X9.57"

# RFC 2459:
#
# holdInstruction OBJECT IDENTIFIER ::=
#           {iso(1) member-body(2) us(840) x9cm(10040) 2}
#
# Note that the appendices of RFC 2459 define the (wrong) value
# of 2.2.840.10040.2 for this oid.
OID 1.2.840.10040.2
TAG holdInstruction
EXPL "ANSI X9.57 Hold Instruction"

# RFC 2459:
#
# id-holdinstruction-none OBJECT IDENTIFIER  ::=
#                 {holdInstruction 1} -- deprecated
OID 1.2.840.10040.2.1
TAG id-holdinstruction-none
EXPL "ANSI X9.57 Hold Instruction: None"

# RFC 2459:
#
# id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
#                 {holdInstruction 2}
OID 1.2.840.10040.2.2
TAG id-holdinstruction-callissuer
EXPL "ANSI X9.57 Hold Instruction: Call Issuer"

# RFC 2459:
#
# id-holdinstruction-reject OBJECT IDENTIFIER ::=
#                 {holdInstruction 3}
OID 1.2.840.10040.2.3
TAG id-holdinstruction-reject
EXPL "ANSI X9.57 Hold Instruction: Reject"

OID 1.2.840.10040.4
TAG x9algorithm
EXPL "ANSI X9.57 Algorithm"

# RFC 2459:
#
# id-dsa OBJECT IDENTIFIER ::= {
#      iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
OID 1.2.840.10040.4.1
TAG id-dsa
EXPL "ANSI X9.57 DSA Signature"
NAME NSS_OID_ANSIX9_DSA_SIGNATURE
CKM CKM_DSA
CKK CKK_DSA

# RFC 2459:
#
# id-dsa-with-sha1 OBJECT IDENTIFIER ::=  {
#      iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
OID 1.2.840.10040.4.3
TAG id-dsa-with-sha1
EXPL "ANSI X9.57 Algorithm DSA Signature with SHA-1 Digest"
NAME NSS_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST
CKM CKM_DSA_SHA1

OID 1.2.840.10046
TAG x942
EXPL "ANSI X9.42"

OID 1.2.840.10046.2
TAG algorithm
EXPL "ANSI X9.42 Algorithm"

# RFC 2459:
#
# dhpublicnumber OBJECT IDENTIFIER ::= {
#      iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
OID 1.2.840.10046.2.1
TAG dhpublicnumber
EXPL "Diffie-Hellman Public Key Algorithm"
NAME NSS_OID_X942_DIFFIE_HELMAN_KEY
CKM CKM_DH_PKCS_DERIVE
CKK CKK_DH

OID 1.2.840.113533
TAG entrust
EXPL "Entrust Technologies"

OID 1.2.840.113549 
TAG rsadsi
EXPL "RSA Data Security Inc."

OID 1.2.840.113549.1 
# http://www.rsa.com/rsalabs/pubs/PKCS/
TAG pkcs
EXPL "PKCS"

# RFC 2459:
#
# pkcs-1 OBJECT IDENTIFIER ::= {
#      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
OID 1.2.840.113549.1.1
# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-1.asc
TAG pkcs-1
EXPL "PKCS #1"

# RFC 2459:
#
# rsaEncryption OBJECT IDENTIFIER ::=  { pkcs-1 1 }
OID 1.2.840.113549.1.1.1
TAG rsaEncryption
EXPL "PKCS #1 RSA Encryption"
NAME NSS_OID_PKCS1_RSA_ENCRYPTION
CKM CKM_RSA_PKCS
CKK CKK_RSA

# RFC 2459:
#
# md2WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 2 }
OID 1.2.840.113549.1.1.2 
TAG md2WithRSAEncryption
EXPL "PKCS #1 MD2 With RSA Encryption"      
NAME NSS_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION
CKM CKM_MD2_RSA_PKCS

OID 1.2.840.113549.1.1.3 
TAG md4WithRSAEncryption
EXPL "PKCS #1 MD4 With RSA Encryption"      
NAME NSS_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION
# No CKM!

# RFC 2459:
#
# md5WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 4 }
OID 1.2.840.113549.1.1.4 
TAG md5WithRSAEncryption
EXPL "PKCS #1 MD5 With RSA Encryption"      
NAME NSS_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
CKM CKM_MD5_RSA_PKCS

# RFC 2459:
#
# sha1WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 5 }
OID 1.2.840.113549.1.1.5 
TAG sha1WithRSAEncryption
EXPL "PKCS #1 SHA-1 With RSA Encryption"    
NAME NSS_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION
CKM CKM_SHA1_RSA_PKCS

OID 1.2.840.113549.1.5 
# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-5.asc
TAG pkcs-5
EXPL "PKCS #5"

OID 1.2.840.113549.1.5.1 
TAG pbeWithMD2AndDES-CBC
EXPL "PKCS #5 Password Based Encryption With MD2 and DES-CBC"     
NAME NSS_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC
CKM CKM_PBE_MD2_DES_CBC

OID 1.2.840.113549.1.5.3 
TAG pbeWithMD5AndDES-CBC
EXPL "PKCS #5 Password Based Encryption With MD5 and DES-CBC"     
NAME NSS_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC
CKM CKM_PBE_MD5_DES_CBC

OID 1.2.840.113549.1.5.10 
TAG pbeWithSha1AndDES-CBC
EXPL "PKCS #5 Password Based Encryption With SHA-1 and DES-CBC"   
NAME NSS_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC
CKM CKM_NETSCAPE_PBE_SHA1_DES_CBC

OID 1.2.840.113549.1.7 
# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc
TAG pkcs-7
EXPL "PKCS #7"
NAME NSS_OID_PKCS7

OID 1.2.840.113549.1.7.1
TAG data
EXPL "PKCS #7 Data"
NAME NSS_OID_PKCS7_DATA

OID 1.2.840.113549.1.7.2 
TAG signedData
EXPL "PKCS #7 Signed Data"
NAME NSS_OID_PKCS7_SIGNED_DATA

OID 1.2.840.113549.1.7.3 
TAG envelopedData
EXPL "PKCS #7 Enveloped Data"
NAME NSS_OID_PKCS7_ENVELOPED_DATA

OID 1.2.840.113549.1.7.4 
TAG signedAndEnvelopedData
EXPL "PKCS #7 Signed and Enveloped Data"
NAME NSS_OID_PKCS7_SIGNED_ENVELOPED_DATA

OID 1.2.840.113549.1.7.5 
TAG digestedData
EXPL "PKCS #7 Digested Data"
NAME NSS_OID_PKCS7_DIGESTED_DATA

OID 1.2.840.113549.1.7.6 
TAG encryptedData
EXPL "PKCS #7 Encrypted Data"
NAME NSS_OID_PKCS7_ENCRYPTED_DATA

# RFC 2459:
#
# pkcs-9 OBJECT IDENTIFIER ::=
#        { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
OID 1.2.840.113549.1.9 
# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-9.asc
TAG pkcs-9
EXPL "PKCS #9"

# RFC 2459:
#
# emailAddress AttributeType      ::= { pkcs-9 1 }
OID 1.2.840.113549.1.9.1
TAG emailAddress
EXPL "PKCS #9 Email Address"
NAME NSS_OID_PKCS9_EMAIL_ADDRESS

OID 1.2.840.113549.1.9.2 
TAG unstructuredName
EXPL "PKCS #9 Unstructured Name"
NAME NSS_OID_PKCS9_UNSTRUCTURED_NAME

OID 1.2.840.113549.1.9.3 
TAG contentType
EXPL "PKCS #9 Content Type"
NAME NSS_OID_PKCS9_CONTENT_TYPE

OID 1.2.840.113549.1.9.4 
TAG messageDigest
EXPL "PKCS #9 Message Digest"
NAME NSS_OID_PKCS9_MESSAGE_DIGEST

OID 1.2.840.113549.1.9.5 
TAG signingTime
EXPL "PKCS #9 Signing Time"
NAME NSS_OID_PKCS9_SIGNING_TIME

OID 1.2.840.113549.1.9.6 
TAG counterSignature
EXPL "PKCS #9 Counter Signature"
NAME NSS_OID_PKCS9_COUNTER_SIGNATURE

OID 1.2.840.113549.1.9.7 
TAG challengePassword
EXPL "PKCS #9 Challenge Password"
NAME NSS_OID_PKCS9_CHALLENGE_PASSWORD

OID 1.2.840.113549.1.9.8 
TAG unstructuredAddress
EXPL "PKCS #9 Unstructured Address"
NAME NSS_OID_PKCS9_UNSTRUCTURED_ADDRESS

OID 1.2.840.113549.1.9.9 
TAG extendedCertificateAttributes
EXPL "PKCS #9 Extended Certificate Attributes"
NAME NSS_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES

OID 1.2.840.113549.1.9.15 
TAG sMIMECapabilities
EXPL "PKCS #9 S/MIME Capabilities"
NAME NSS_OID_PKCS9_SMIME_CAPABILITIES

OID 1.2.840.113549.1.9.20
TAG friendlyName
EXPL "PKCS #9 Friendly Name"
NAME NSS_OID_PKCS9_FRIENDLY_NAME

OID 1.2.840.113549.1.9.21
TAG localKeyID
EXPL "PKCS #9 Local Key ID"
NAME NSS_OID_PKCS9_LOCAL_KEY_ID

OID 1.2.840.113549.1.9.22 
TAG certTypes
EXPL "PKCS #9 Certificate Types"

OID 1.2.840.113549.1.9.22.1
TAG x509Certificate
EXPL "PKCS #9 Certificate Type = X.509"
NAME NSS_OID_PKCS9_X509_CERT

OID 1.2.840.113549.1.9.22.2
TAG sdsiCertificate
EXPL "PKCS #9 Certificate Type = SDSI"
NAME NSS_OID_PKCS9_SDSI_CERT

OID 1.2.840.113549.1.9.23 
TAG crlTypes
EXPL "PKCS #9 Certificate Revocation List Types"

OID 1.2.840.113549.1.9.23.1
TAG x509Crl
EXPL "PKCS #9 CRL Type = X.509"
NAME NSS_OID_PKCS9_X509_CRL

OID 1.2.840.113549.1.12
# http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-12.html
# NOTE -- PKCS #12                          multiple contradictory
#         documents exist.  Somebody go figure out the canonical
#         OID list, keeping in mind backwards-compatability..
TAG pkcs-12
EXPL "PKCS #12"
NAME NSS_OID_PKCS12

OID 1.2.840.113549.1.12.1 
TAG pkcs-12PbeIds
EXPL "PKCS #12 Password Based Encryption IDs"
NAME NSS_OID_PKCS12_PBE_IDS
# We called it SEC_OID_PKCS12_MODE_IDS

OID 1.2.840.113549.1.12.1.1
TAG pbeWithSHA1And128BitRC4
EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC4"
NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4
CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4
# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4

OID 1.2.840.113549.1.12.1.2
TAG pbeWithSHA1And40BitRC4
EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC4"
NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4
CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4
# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4

OID 1.2.840.113549.1.12.1.3
TAG pbeWithSHA1And3-KeyTripleDES-CBC
EXPL "PKCS #12 Password Based Encryption With SHA-1 and 3-key Triple DES-CBC"
NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_3_KEY_TRIPLE_DES_CBC
CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC
# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC

OID 1.2.840.113549.1.12.1.4
TAG pbeWithSHA1And2-KeyTripleDES-CBC
EXPL "PKCS #12 Password Based Encryption With SHA-1 and 2-key Triple DES-CBC"
NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_2_KEY_TRIPLE_DES_CBC
CKM CKM_PBE_SHA1_DES2_EDE_CBC
# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC

OID 1.2.840.113549.1.12.1.5
TAG pbeWithSHA1And128BitRC2-CBC
EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC2-CBC"
NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC
# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC

OID 1.2.840.113549.1.12.1.6
TAG pbeWithSHA1And40BitRC2-CBC
EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC2-CBC"
NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC
# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC

OID 1.2.840.113549.1.12.2 
TAG pkcs-12EspvkIds
EXPL "PKCS #12 ESPVK IDs"
# We called it SEC_OID_PKCS12_ESPVK_IDS

OID 1.2.840.113549.1.12.2.1
TAG pkcs8-key-shrouding
EXPL "PKCS #12 Key Shrouding"
# We called it SEC_OID_PKCS12_PKCS8_KEY_SHROUDING

OID 1.2.840.113549.1.12.3 
TAG draft1Pkcs-12Bag-ids
EXPL "Draft 1.0 PKCS #12 Bag IDs"
# We called it SEC_OID_PKCS12_BAG_IDS

OID 1.2.840.113549.1.12.3.1
TAG keyBag
EXPL "Draft 1.0 PKCS #12 Key Bag"
# We called it SEC_OID_PKCS12_KEY_BAG_ID

OID 1.2.840.113549.1.12.3.2
TAG certAndCRLBagId
EXPL "Draft 1.0 PKCS #12 Cert and CRL Bag ID"
# We called it SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID

OID 1.2.840.113549.1.12.3.3
TAG secretBagId
EXPL "Draft 1.0 PKCS #12 Secret Bag ID"
# We called it SEC_OID_PKCS12_SECRET_BAG_ID

OID 1.2.840.113549.1.12.3.4
TAG safeContentsId
EXPL "Draft 1.0 PKCS #12 Safe Contents Bag ID"
# We called it SEC_OID_PKCS12_SAFE_CONTENTS_ID

OID 1.2.840.113549.1.12.3.5
TAG pkcs-8ShroudedKeyBagId
EXPL "Draft 1.0 PKCS #12 PKCS #8-shrouded Key Bag ID"
# We called it SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID

OID 1.2.840.113549.1.12.4 
TAG pkcs-12CertBagIds
EXPL "PKCS #12 Certificate Bag IDs"
# We called it SEC_OID_PKCS12_CERT_BAG_IDS

OID 1.2.840.113549.1.12.4.1
TAG x509CertCRLBagId
EXPL "PKCS #12 X.509 Certificate and CRL Bag"
# We called it SEC_OID_PKCS12_X509_CERT_CRL_BAG

OID 1.2.840.113549.1.12.4.2
TAG SDSICertBagID
EXPL "PKCS #12 SDSI Certificate Bag"
# We called it SEC_OID_PKCS12_SDSI_CERT_BAG

OID 1.2.840.113549.1.12.5 
TAG pkcs-12Oids
EXPL "PKCS #12 OIDs (XXX)"
# We called it SEC_OID_PKCS12_OIDS

OID 1.2.840.113549.1.12.5.1 
TAG pkcs-12PbeIds
EXPL "PKCS #12 OIDs PBE IDs (XXX)"
# We called it SEC_OID_PKCS12_PBE_IDS

OID 1.2.840.113549.1.12.5.1.1
TAG pbeWithSha1And128BitRC4
EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC4 (XXX)"
CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4
# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4

OID 1.2.840.113549.1.12.5.1.2
TAG pbeWithSha1And40BitRC4
EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC4 (XXX)"
CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4
# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4

OID 1.2.840.113549.1.12.5.1.3
TAG pbeWithSha1AndTripleDES-CBC
EXPL "PKCS #12 OIDs PBE with SHA-1 and Triple DES-CBC (XXX)"
CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC
# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC

OID 1.2.840.113549.1.12.5.1.4
TAG pbeWithSha1And128BitRC2-CBC
EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC2-CBC (XXX)"
CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC
# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC

OID 1.2.840.113549.1.12.5.1.5
TAG pbeWithSha1And40BitRC2-CBC
EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC2-CBC (XXX)"
CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC
# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC

OID 1.2.840.113549.1.12.5.2 
TAG pkcs-12EnvelopingIds
EXPL "PKCS #12 OIDs Enveloping IDs (XXX)"
# We called it SEC_OID_PKCS12_ENVELOPING_IDS

OID 1.2.840.113549.1.12.5.2.1
TAG rsaEncryptionWith128BitRC4
EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 128-bit RC4"
# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4

OID 1.2.840.113549.1.12.5.2.2
TAG rsaEncryptionWith40BitRC4
EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 40-bit RC4"
# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4

OID 1.2.840.113549.1.12.5.2.3
TAG rsaEncryptionWithTripleDES
EXPL "PKCS #12 OIDs Enveloping RSA Encryption with Triple DES"
# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES

OID 1.2.840.113549.1.12.5.3 
TAG pkcs-12SignatureIds
EXPL "PKCS #12 OIDs Signature IDs (XXX)"
# We called it SEC_OID_PKCS12_SIGNATURE_IDS

OID 1.2.840.113549.1.12.5.3.1
TAG rsaSignatureWithSHA1Digest
EXPL "PKCS #12 OIDs RSA Signature with SHA-1 Digest"
# We called it SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST

OID 1.2.840.113549.1.12.10 
TAG pkcs-12Version1
EXPL "PKCS #12 Version 1"

OID 1.2.840.113549.1.12.10.1
TAG pkcs-12BagIds
EXPL "PKCS #12 Bag IDs"

OID 1.2.840.113549.1.12.10.1.1
TAG keyBag
EXPL "PKCS #12 Key Bag"
NAME NSS_OID_PKCS12_KEY_BAG
# We called it SEC_OID_PKCS12_V1_KEY_BAG_ID

OID 1.2.840.113549.1.12.10.1.2
TAG pkcs-8ShroudedKeyBag
EXPL "PKCS #12 PKCS #8-shrouded Key Bag"
NAME NSS_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG
# We called it SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID

OID 1.2.840.113549.1.12.10.1.3
TAG certBag
EXPL "PKCS #12 Certificate Bag"
NAME NSS_OID_PKCS12_CERT_BAG
# We called it SEC_OID_PKCS12_V1_CERT_BAG_ID

OID 1.2.840.113549.1.12.10.1.4
TAG crlBag
EXPL "PKCS #12 CRL Bag"
NAME NSS_OID_PKCS12_CRL_BAG
# We called it SEC_OID_PKCS12_V1_CRL_BAG_ID

OID 1.2.840.113549.1.12.10.1.5
TAG secretBag
EXPL "PKCS #12 Secret Bag"
NAME NSS_OID_PKCS12_SECRET_BAG
# We called it SEC_OID_PKCS12_V1_SECRET_BAG_ID

OID 1.2.840.113549.1.12.10.1.6
TAG safeContentsBag
EXPL "PKCS #12 Safe Contents Bag"
NAME NSS_OID_PKCS12_SAFE_CONTENTS_BAG
# We called it SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID

OID 1.2.840.113549.2
TAG digest
EXPL "RSA digest algorithm"

OID 1.2.840.113549.2.2 
TAG md2
EXPL "MD2"
NAME NSS_OID_MD2
CKM CKM_MD2

OID 1.2.840.113549.2.4 
TAG md4
EXPL "MD4"
NAME NSS_OID_MD4
# No CKM

OID 1.2.840.113549.2.5
TAG md5
EXPL "MD5"
NAME NSS_OID_MD5
CKM CKM_MD5

OID 1.2.840.113549.3 
TAG cipher
EXPL "RSA cipher algorithm"

OID 1.2.840.113549.3.2 
TAG rc2cbc
EXPL "RC2-CBC"
NAME NSS_OID_RC2_CBC
CKM_RC2_CBC

OID 1.2.840.113549.3.4 
TAG rc4
EXPL "RC4"
NAME NSS_OID_RC4
CKM CKM_RC4

OID 1.2.840.113549.3.7 
TAG desede3cbc
EXPL "DES-EDE3-CBC"
NAME NSS_OID_DES_EDE3_CBC
CKM CKM_DES3_CBC

OID 1.2.840.113549.3.9 
TAG rc5cbcpad
EXPL "RC5-CBCPad"
NAME NSS_OID_RC5_CBC_PAD
CKM CKM_RC5_CBC

OID 1.2.840.113556
TAG microsoft
EXPL "Microsoft"

OID 1.2.840.113560
TAG columbia-university
EXPL "Columbia University"

OID 1.2.840.113572
TAG unisys
EXPL "Unisys"

OID 1.2.840.113658
TAG xapia
EXPL "XAPIA"

OID 1.2.840.113699
TAG wordperfect
EXPL "WordPerfect"

OID 1.3
TAG identified-organization
EXPL "ISO identified organizations"

OID 1.3.6
TAG us-dod
EXPL "United States Department of Defense"

OID 1.3.6.1 
TAG internet  # See RFC 1065
EXPL "The Internet"

OID 1.3.6.1.1
TAG directory
EXPL "Internet: Directory"

OID 1.3.6.1.2
TAG management
EXPL "Internet: Management"

OID 1.3.6.1.3
TAG experimental
EXPL "Internet: Experimental"

OID 1.3.6.1.4
TAG private
EXPL "Internet: Private"

OID 1.3.6.1.5
TAG security
EXPL "Internet: Security"

OID 1.3.6.1.5.5

# RFC 2459:
#
# id-pkix  OBJECT IDENTIFIER  ::=
#          { iso(1) identified-organization(3) dod(6) internet(1)
#                     security(5) mechanisms(5) pkix(7) }
OID 1.3.6.1.5.5.7 
TAG id-pkix
EXPL "Public Key Infrastructure"

# RFC 2459:
#
# PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1)
#   security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
OID 1.3.6.1.5.5.7.0.1
TAG PKIX1Explicit88
EXPL "RFC 2459 Explicitly Tagged Module, 1988 Syntax"

# RFC 2459:
#
# PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1)
#   security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
OID 1.3.6.1.5.5.7.0.2
TAG PKIXImplicit88
EXPL "RFC 2459 Implicitly Tagged Module, 1988 Syntax"

# RFC 2459:
#
# PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1)
#    security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)}
OID 1.3.6.1.5.5.7.0.3
TAG PKIXExplicit93
EXPL "RFC 2459 Explicitly Tagged Module, 1993 Syntax"

# RFC 2459:
#
# id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
#         -- arc for private certificate extensions
OID 1.3.6.1.5.5.7.1 
TAG id-pe
EXPL "PKIX Private Certificate Extensions"

# RFC 2459:
#
# id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
OID 1.3.6.1.5.5.7.1.1
TAG id-pe-authorityInfoAccess
EXPL "Certificate Authority Information Access"
NAME NSS_OID_X509_AUTH_INFO_ACCESS
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
#         -- arc for policy qualifier types
OID 1.3.6.1.5.5.7.2 
TAG id-qt
EXPL "PKIX Policy Qualifier Types"

# RFC 2459:
#
# id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
#         -- OID for CPS qualifier
OID 1.3.6.1.5.5.7.2.1
TAG id-qt-cps
EXPL "PKIX CPS Pointer Qualifier"
NAME NSS_OID_PKIX_CPS_POINTER_QUALIFIER

# RFC 2459:
#
# id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
#         -- OID for user notice qualifier
OID 1.3.6.1.5.5.7.2.2
TAG id-qt-unotice
EXPL "PKIX User Notice Qualifier"
NAME NSS_OID_PKIX_USER_NOTICE_QUALIFIER

# RFC 2459:
#
# id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
#         -- arc for extended key purpose OIDS
OID 1.3.6.1.5.5.7.3 
TAG id-kp
EXPL "PKIX Key Purpose"

# RFC 2459:
#
# id-kp-serverAuth      OBJECT IDENTIFIER ::= { id-kp 1 }
OID 1.3.6.1.5.5.7.3.1
TAG id-kp-serverAuth
EXPL "TLS Web Server Authentication Certificate"
NAME NSS_OID_EXT_KEY_USAGE_SERVER_AUTH

# RFC 2459:
#
# id-kp-clientAuth      OBJECT IDENTIFIER ::= { id-kp 2 }
OID 1.3.6.1.5.5.7.3.2
TAG id-kp-clientAuth
EXPL "TLS Web Client Authentication Certificate"
NAME NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH

# RFC 2459:
#
# id-kp-codeSigning     OBJECT IDENTIFIER ::= { id-kp 3 }
OID 1.3.6.1.5.5.7.3.3
TAG id-kp-codeSigning
EXPL "Code Signing Certificate"
NAME NSS_OID_EXT_KEY_USAGE_CODE_SIGN

# RFC 2459:
#
# id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
OID 1.3.6.1.5.5.7.3.4
TAG id-kp-emailProtection
EXPL "E-Mail Protection Certificate"
NAME NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION

# RFC 2459:
#
# id-kp-ipsecEndSystem  OBJECT IDENTIFIER ::= { id-kp 5 }
OID 1.3.6.1.5.5.7.3.5
TAG id-kp-ipsecEndSystem
EXPL "IPSEC End System Certificate"
NAME NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM

# RFC 2459:
#
# id-kp-ipsecTunnel     OBJECT IDENTIFIER ::= { id-kp 6 }
OID 1.3.6.1.5.5.7.3.6
TAG id-kp-ipsecTunnel
EXPL "IPSEC Tunnel Certificate"
NAME NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL

# RFC 2459:
#
# id-kp-ipsecUser       OBJECT IDENTIFIER ::= { id-kp 7 }
OID 1.3.6.1.5.5.7.3.7
TAG id-kp-ipsecUser
EXPL "IPSEC User Certificate"
NAME NSS_OID_EXT_KEY_USAGE_IPSEC_USER

# RFC 2459:
#
# id-kp-timeStamping    OBJECT IDENTIFIER ::= { id-kp 8 }
OID 1.3.6.1.5.5.7.3.8
TAG id-kp-timeStamping
EXPL "Time Stamping Certificate"
NAME NSS_OID_EXT_KEY_USAGE_TIME_STAMP

OID 1.3.6.1.5.5.7.3.9
TAG ocsp-responder
EXPL "OCSP Responder Certificate"
NAME NSS_OID_OCSP_RESPONDER

OID 1.3.6.1.5.5.7.7 
TAG pkix-id-pkix

OID 1.3.6.1.5.5.7.7.5 
TAG pkix-id-pkip

OID 1.3.6.1.5.5.7.7.5.1 
TAG pkix-id-regctrl
EXPL "CRMF Registration Control"

OID 1.3.6.1.5.5.7.7.5.1.1
TAG regtoken
EXPL "CRMF Registration Control, Registration Token"
NAME NSS_OID_PKIX_REGCTRL_REGTOKEN

OID 1.3.6.1.5.5.7.7.5.1.2
TAG authenticator
EXPL "CRMF Registration Control, Registration Authenticator"
NAME NSS_OID_PKIX_REGCTRL_AUTHENTICATOR

OID 1.3.6.1.5.5.7.7.5.1.3
TAG pkipubinfo
EXPL "CRMF Registration Control, PKI Publication Info"
NAME NSS_OID_PKIX_REGCTRL_PKIPUBINFO

OID 1.3.6.1.5.5.7.7.5.1.4
TAG pki-arch-options
EXPL "CRMF Registration Control, PKI Archive Options"
NAME NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS

OID 1.3.6.1.5.5.7.7.5.1.5
TAG old-cert-id
EXPL "CRMF Registration Control, Old Certificate ID"
NAME NSS_OID_PKIX_REGCTRL_OLD_CERT_ID

OID 1.3.6.1.5.5.7.7.5.1.6
TAG protocol-encryption-key
EXPL "CRMF Registration Control, Protocol Encryption Key"
NAME NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY

OID 1.3.6.1.5.5.7.7.5.2 
TAG pkix-id-reginfo
EXPL "CRMF Registration Info"

OID 1.3.6.1.5.5.7.7.5.2.1
TAG utf8-pairs
EXPL "CRMF Registration Info, UTF8 Pairs"
NAME NSS_OID_PKIX_REGINFO_UTF8_PAIRS

OID 1.3.6.1.5.5.7.7.5.2.2
TAG cert-request
EXPL "CRMF Registration Info, Certificate Request"
NAME NSS_OID_PKIX_REGINFO_CERT_REQUEST

# RFC 2549:
#
# id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
#         -- arc for access descriptors
OID 1.3.6.1.5.5.7.48 
TAG id-ad
EXPL "PKIX Access Descriptors"

# RFC 2549:
#
# id-ad-ocsp      OBJECT IDENTIFIER ::= { id-ad 1 }
OID 1.3.6.1.5.5.7.48.1
TAG id-ad-ocsp
EXPL "PKIX Online Certificate Status Protocol"
NAME NSS_OID_OID_PKIX_OCSP

OID 1.3.6.1.5.5.7.48.1.1
TAG basic-response
EXPL "OCSP Basic Response"
NAME NSS_OID_PKIX_OCSP_BASIC_RESPONSE

OID 1.3.6.1.5.5.7.48.1.2
TAG nonce-extension
EXPL "OCSP Nonce Extension"
NAME NSS_OID_PKIX_OCSP_NONCE

OID 1.3.6.1.5.5.7.48.1.3
TAG response
EXPL "OCSP Response Types Extension"
NAME NSS_OID_PKIX_OCSP_RESPONSE

OID 1.3.6.1.5.5.7.48.1.4
TAG crl
EXPL "OCSP CRL Reference Extension"
NAME NSS_OID_PKIX_OCSP_CRL

OID 1.3.6.1.5.5.7.48.1.5
TAG no-check
EXPL "OCSP No Check Extension"
NAME NSS_OID_X509_OCSP_NO_CHECK  # X509_... ?

OID 1.3.6.1.5.5.7.48.1.6
TAG archive-cutoff
EXPL "OCSP Archive Cutoff Extension"
NAME NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF

OID 1.3.6.1.5.5.7.48.1.7
TAG service-locator
EXPL "OCSP Service Locator Extension"
NAME NSS_OID_PKIX_OCSP_SERVICE_LOCATOR

# RFC 2549:
#
# id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
OID 1.3.6.1.5.5.7.48.2
TAG id-ad-caIssuers
EXPL "Certificate Authority Issuers"

OID 1.3.6.1.6
TAG snmpv2
EXPL "Internet: SNMPv2"

OID 1.3.6.1.7
TAG mail
EXPL "Internet: mail"

OID 1.3.6.1.7.1
TAG mime-mhs
EXPL "Internet: mail MIME mhs"

OID 1.3.12 
TAG ecma
EXPL "European Computers Manufacturing Association"

OID 1.3.14
TAG oiw
EXPL "Open Systems Implementors Workshop"

OID 1.3.14.3 secsig
TAG secsig
EXPL "Open Systems Implementors Workshop Security Special Interest Group"

OID 1.3.14.3.1
TAG oIWSECSIGAlgorithmObjectIdentifiers
EXPL "OIW SECSIG Algorithm OIDs"

OID 1.3.14.3.2 
TAG algorithm
EXPL "OIW SECSIG Algorithm"

OID 1.3.14.3.2.6 
TAG desecb
EXPL "DES-ECB"
NAME NSS_OID_DES_ECB
CKM CKM_DES_ECB

OID 1.3.14.3.2.7
TAG descbc
EXPL "DES-CBC"
NAME NSS_OID_DES_CBC
CKM CKM_DES_CBC

OID 1.3.14.3.2.8
TAG desofb
EXPL "DES-OFB"
NAME NSS_OID_DES_OFB
# No CKM..

OID 1.3.14.3.2.9 
TAG descfb
EXPL "DES-CFB"
NAME NSS_OID_DES_CFB
# No CKM..

OID 1.3.14.3.2.10
TAG desmac
EXPL "DES-MAC"
NAME NSS_OID_DES_MAC
CKM CKM_DES_MAC

OID 1.3.14.3.2.15 
TAG isoSHAWithRSASignature
EXPL "ISO SHA with RSA Signature"
NAME NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE
# No CKM..

OID 1.3.14.3.2.17 
TAG desede
EXPL "DES-EDE"
NAME NSS_OID_DES_EDE
# No CKM..

OID 1.3.14.3.2.26 
TAG sha1
EXPL "SHA-1"
NAME NSS_OID_SHA1
CKM CKM_SHA_1

OID 1.3.14.3.2.27
TAG bogusDSASignatureWithSHA1Digest
EXPL "Forgezza DSA Signature with SHA-1 Digest"
NAME NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST
CKM CKM_DSA_SHA1

OID 1.3.14.3.3
TAG authentication-mechanism
EXPL "OIW SECSIG Authentication Mechanisms"

OID 1.3.14.3.4
TAG security-attribute
EXPL "OIW SECSIG Security Attributes"

OID 1.3.14.3.5
TAG document-definition
EXPL "OIW SECSIG Document Definitions used in security"

OID 1.3.14.7
TAG directory-services-sig
EXPL "OIW directory services sig"

OID 1.3.16
TAG ewos
EXPL "European Workshop on Open Systems"

OID 1.3.22
TAG osf
EXPL "Open Software Foundation"

OID 1.3.23
TAG nordunet
EXPL "Nordunet"

OID 1.3.26
TAG nato-id-org
EXPL "NATO identified organisation"

OID 1.3.36
TAG teletrust
EXPL "Teletrust"

OID 1.3.52
TAG smpte
EXPL "Society of Motion Picture and Television Engineers"

OID 1.3.69
TAG sita
EXPL "Societe Internationale de Telecommunications Aeronautiques"

OID 1.3.90
TAG iana
EXPL "Internet Assigned Numbers Authority"

OID 1.3.101 
TAG thawte
EXPL "Thawte"

OID 2 
TAG joint-iso-ccitt
EXPL "Joint ISO/ITU-T assignment"

OID 2.0
TAG presentation
EXPL "Joint ISO/ITU-T Presentation"

OID 2.1
TAG asn-1
EXPL "Abstract Syntax Notation One"

OID 2.2
TAG acse
EXPL "Association Control"

OID 2.3
TAG rtse
EXPL "Reliable Transfer"

OID 2.4
TAG rose
EXPL "Remote Operations"

OID 2.5
TAG x500
EXPL "Directory"

OID 2.5.1
TAG modules
EXPL "X.500 modules"

OID 2.5.2
TAG service-environment
EXPL "X.500 service environment"

OID 2.5.3
TAG application-context
EXPL "X.500 application context"

# RFC 2459:
#
# id-at           OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
OID 2.5.4
TAG id-at
EXPL "X.520 attribute types"

# RFC 2459:
#
# id-at-commonName        AttributeType   ::=     {id-at 3}
OID 2.5.4.3
TAG id-at-commonName
EXPL "X.520 Common Name"
NAME NSS_OID_X520_COMMON_NAME
ATTR "cn"

# RFC 2459:
#
# id-at-surname           AttributeType   ::=     {id-at 4}
OID 2.5.4.4
TAG id-at-surname
EXPL "X.520 Surname"
NAME NSS_OID_X520_SURNAME
ATTR "sn"

# RFC 2459:
#
# id-at-countryName       AttributeType   ::=     {id-at 6}
OID 2.5.4.6
TAG id-at-countryName
EXPL "X.520 Country Name"
NAME NSS_OID_X520_COUNTRY_NAME
ATTR "c"

# RFC 2459:
#
# id-at-localityName      AttributeType   ::=     {id-at 7}
OID 2.5.4.7
TAG id-at-localityName
EXPL "X.520 Locality Name"
NAME NSS_OID_X520_LOCALITY_NAME
ATTR "l"

# RFC 2459:
#
# id-at-stateOrProvinceName       AttributeType   ::=     {id-at 8}
OID 2.5.4.8
TAG id-at-stateOrProvinceName
EXPL "X.520 State or Province Name"
NAME NSS_OID_X520_STATE_OR_PROVINCE_NAME
ATTR "s"

# RFC 2459:
#
# id-at-organizationName          AttributeType   ::=     {id-at 10}
OID 2.5.4.10
TAG id-at-organizationName
EXPL "X.520 Organization Name"
NAME NSS_OID_X520_ORGANIZATION_NAME
ATTR "o"

# RFC 2459:
#
# id-at-organizationalUnitName    AttributeType   ::=     {id-at 11}
OID 2.5.4.11
TAG id-at-organizationalUnitName
EXPL "X.520 Organizational Unit Name"
NAME NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME
ATTR "ou"

# RFC 2459:
#
# id-at-title     AttributeType   ::=     {id-at 12}
OID 2.5.4.12
TAG id-at-title
EXPL "X.520 Title"
NAME NSS_OID_X520_TITLE
ATTR "title"

# RFC 2459:
#
# id-at-name              AttributeType   ::=     {id-at 41}
OID 2.5.4.41
TAG id-at-name
EXPL "X.520 Name"
NAME NSS_OID_X520_NAME
ATTR "name"

# RFC 2459:
#
# id-at-givenName         AttributeType   ::=     {id-at 42}
OID 2.5.4.42
TAG id-at-givenName
EXPL "X.520 Given Name"
NAME NSS_OID_X520_GIVEN_NAME
ATTR "givenName"

# RFC 2459:
#
# id-at-initials          AttributeType   ::=     {id-at 43}
OID 2.5.4.43
TAG id-at-initials
EXPL "X.520 Initials"
NAME NSS_OID_X520_INITIALS
ATTR "initials"

# RFC 2459:
#
# id-at-generationQualifier       AttributeType   ::=     {id-at 44}
OID 2.5.4.44
TAG id-at-generationQualifier
EXPL "X.520 Generation Qualifier"
NAME NSS_OID_X520_GENERATION_QUALIFIER
ATTR "generationQualifier"

# RFC 2459:
#
# id-at-dnQualifier       AttributeType   ::=     {id-at 46}
OID 2.5.4.46
TAG id-at-dnQualifier
EXPL "X.520 DN Qualifier"
NAME NSS_OID_X520_DN_QUALIFIER
ATTR "dnQualifier"

OID 2.5.5
TAG attribute-syntax
EXPL "X.500 attribute syntaxes"

OID 2.5.6
TAG object-classes
EXPL "X.500 standard object classes"

OID 2.5.7
TAG attribute-set
EXPL "X.500 attribute sets"

OID 2.5.8
TAG algorithms
EXPL "X.500-defined algorithms"

OID 2.5.8.1 
TAG encryption
EXPL "X.500-defined encryption algorithms"

OID 2.5.8.1.1 
TAG rsa
EXPL "RSA Encryption Algorithm"
NAME NSS_OID_X500_RSA_ENCRYPTION
CKM CKM_RSA_X_509

OID 2.5.9
TAG abstract-syntax
EXPL "X.500 abstract syntaxes"

OID 2.5.12
TAG operational-attribute
EXPL "DSA Operational Attributes"

OID 2.5.13
TAG matching-rule
EXPL "Matching Rule"

OID 2.5.14
TAG knowledge-matching-rule
EXPL "X.500 knowledge Matching Rules"

OID 2.5.15
TAG name-form
EXPL "X.500 name forms"

OID 2.5.16
TAG group
EXPL "X.500 groups"

OID 2.5.17
TAG subentry
EXPL "X.500 subentry"

OID 2.5.18
TAG operational-attribute-type
EXPL "X.500 operational attribute type"

OID 2.5.19
TAG operational-binding
EXPL "X.500 operational binding"

OID 2.5.20
TAG schema-object-class
EXPL "X.500 schema Object class"

OID 2.5.21
TAG schema-operational-attribute
EXPL "X.500 schema operational attributes"

OID 2.5.23
TAG administrative-role
EXPL "X.500 administrative roles"

OID 2.5.24
TAG access-control-attribute
EXPL "X.500 access control attribute"

OID 2.5.25
TAG ros
EXPL "X.500 ros object"

OID 2.5.26
TAG contract
EXPL "X.500 contract"

OID 2.5.27
TAG package
EXPL "X.500 package"

OID 2.5.28
TAG access-control-schema
EXPL "X.500 access control schema"

# RFC 2459:
#
# id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
OID 2.5.29
TAG id-ce
EXPL "X.500 Certificate Extension"

OID 2.5.29.5
TAG subject-directory-attributes
EXPL "Certificate Subject Directory Attributes"
NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTR
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
OID 2.5.29.9
TAG id-ce-subjectDirectoryAttributes
EXPL "Certificate Subject Directory Attributes"
NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
OID 2.5.29.14
TAG id-ce-subjectKeyIdentifier
EXPL "Certificate Subject Key ID"
NAME NSS_OID_X509_SUBJECT_KEY_ID
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
OID 2.5.29.15
TAG id-ce-keyUsage
EXPL "Certificate Key Usage"
NAME NSS_OID_X509_KEY_USAGE
CERT_EXTENSION SUPPORTED
# We called it PKCS12_KEY_USAGE

# RFC 2459:
#
# id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
OID 2.5.29.16
TAG id-ce-privateKeyUsagePeriod
EXPL "Certificate Private Key Usage Period"
NAME NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
OID 2.5.29.17
TAG id-ce-subjectAltName
EXPL "Certificate Subject Alternate Name"
NAME NSS_OID_X509_SUBJECT_ALT_NAME
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
OID 2.5.29.18
TAG id-ce-issuerAltName
EXPL "Certificate Issuer Alternate Name"
NAME NSS_OID_X509_ISSUER_ALT_NAME
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
OID 2.5.29.19
TAG id-ce-basicConstraints
EXPL "Certificate Basic Constraints"
NAME NSS_OID_X509_BASIC_CONSTRAINTS
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
OID 2.5.29.20
TAG id-ce-cRLNumber
EXPL "CRL Number"
NAME NSS_OID_X509_CRL_NUMBER
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
OID 2.5.29.21
TAG id-ce-cRLReasons
EXPL "CRL Reason Code"
NAME NSS_OID_X509_REASON_CODE
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
OID 2.5.29.23
TAG id-ce-holdInstructionCode
EXPL "Hold Instruction Code"
NAME NSS_OID_X509_HOLD_INSTRUCTION_CODE
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
OID 2.5.29.24
TAG id-ce-invalidityDate
EXPL "Invalid Date"
NAME NSS_OID_X509_INVALID_DATE
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
OID 2.5.29.27
TAG id-ce-deltaCRLIndicator
EXPL "Delta CRL Indicator"
NAME NSS_OID_X509_DELTA_CRL_INDICATOR
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
OID 2.5.29.28
TAG id-ce-issuingDistributionPoint
EXPL "Issuing Distribution Point"
NAME NSS_OID_X509_ISSUING_DISTRIBUTION_POINT
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
OID 2.5.29.29
TAG id-ce-certificateIssuer
EXPL "Certificate Issuer"
NAME NSS_OID_X509_CERTIFICATE_ISSUER
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
OID 2.5.29.30
TAG id-ce-nameConstraints
EXPL "Certificate Name Constraints"
NAME NSS_OID_X509_NAME_CONSTRAINTS
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
OID 2.5.29.31
TAG id-ce-cRLDistributionPoints
EXPL "CRL Distribution Points"
NAME NSS_OID_X509_CRL_DIST_POINTS
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
OID 2.5.29.32
TAG id-ce-certificatePolicies
EXPL "Certificate Policies"
NAME NSS_OID_X509_CERTIFICATE_POLICIES
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
OID 2.5.29.33
TAG id-ce-policyMappings
EXPL "Certificate Policy Mappings"
NAME NSS_OID_X509_POLICY_MAPPINGS
CERT_EXTENSION UNSUPPORTED

OID 2.5.29.34
TAG policy-constraints
EXPL "Certificate Policy Constraints (old)"
CERT_EXTENSION UNSUPPORTED

# RFC 2459:
#
# id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
OID 2.5.29.35
TAG id-ce-authorityKeyIdentifier
EXPL "Certificate Authority Key Identifier"
NAME NSS_OID_X509_AUTH_KEY_ID
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
OID 2.5.29.36
TAG id-ce-policyConstraints
EXPL "Certificate Policy Constraints"
NAME NSS_OID_X509_POLICY_CONSTRAINTS
CERT_EXTENSION SUPPORTED

# RFC 2459:
#
# id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
OID 2.5.29.37
TAG id-ce-extKeyUsage
EXPL "Extended Key Usage"
NAME NSS_OID_X509_EXT_KEY_USAGE
CERT_EXTENSION SUPPORTED

OID 2.5.30
TAG id-mgt
EXPL "X.500 Management Object"

OID 2.6
TAG x400
EXPL "X.400 MHS"

OID 2.7
TAG ccr
EXPL "Committment, Concurrency and Recovery"

OID 2.8
TAG oda
EXPL "Office Document Architecture"

OID 2.9
TAG osi-management
EXPL "OSI management"

OID 2.10
TAG tp
EXPL "Transaction Processing"

OID 2.11
TAG dor
EXPL "Distinguished Object Reference"

OID 2.12
TAG rdt
EXPL "Referenced Data Transfer"

OID 2.13
TAG nlm
EXPL "Network Layer Management"

OID 2.14
TAG tlm
EXPL "Transport Layer Management"

OID 2.15
TAG llm
EXPL "Link Layer Management"

OID 2.16
TAG country
EXPL "Country Assignments"

OID 2.16.124 
TAG canada
EXPL "Canada"

OID 2.16.158
TAG taiwan
EXPL "Taiwan"

OID 2.16.578 
TAG norway
EXPL "Norway"

OID 2.16.756 
TAG switzerland
EXPL "Switzerland"

OID 2.16.840 
TAG us
EXPL "United States"

OID 2.16.840.1 
TAG us-company
EXPL "United States Company"

OID 2.16.840.1.101 
TAG us-government
EXPL "United States Government (1.101)"

OID 2.16.840.1.101.2 
TAG us-dod
EXPL "United States Department of Defense"

OID 2.16.840.1.101.2.1 
TAG id-infosec
EXPL "US DOD Infosec"

OID 2.16.840.1.101.2.1.0 
TAG id-modules
EXPL "US DOD Infosec modules"

OID 2.16.840.1.101.2.1.1 
TAG id-algorithms
EXPL "US DOD Infosec algorithms (MISSI)"

OID 2.16.840.1.101.2.1.1.2  
TAG old-dss
EXPL "MISSI DSS Algorithm (Old)"
NAME NSS_OID_MISSI_DSS_OLD

# This is labeled as "### mwelch temporary"
# Is it official?? XXX fgmr
OID 2.16.840.1.101.2.1.1.4
TAG skipjack-cbc-64
EXPL "Skipjack CBC64"
NAME NSS_OID_FORTEZZA_SKIPJACK
CKM CKM_SKIPJACK_CBC64

OID 2.16.840.1.101.2.1.1.10
TAG kea
EXPL "MISSI KEA Algorithm"
NAME NSS_OID_MISSI_KEA

OID 2.16.840.1.101.2.1.1.12
TAG old-kea-dss
EXPL "MISSI KEA and DSS Algorithm (Old)"
NAME NSS_OID_MISSI_KEA_DSS_OLD

OID 2.16.840.1.101.2.1.1.19
TAG dss
EXPL "MISSI DSS Algorithm"
NAME NSS_OID_MISSI_DSS

OID 2.16.840.1.101.2.1.1.20
TAG kea-dss
EXPL "MISSI KEA and DSS Algorithm"
NAME NSS_OID_MISSI_KEA_DSS

OID 2.16.840.1.101.2.1.1.22
TAG alt-kea
EXPL "MISSI Alternate KEA Algorithm"
NAME NSS_OID_MISSI_ALT_KEY

OID 2.16.840.1.101.2.1.2 
TAG id-formats
EXPL "US DOD Infosec formats"

OID 2.16.840.1.101.2.1.3 
TAG id-policy
EXPL "US DOD Infosec policy"

OID 2.16.840.1.101.2.1.4 
TAG id-object-classes
EXPL "US DOD Infosec object classes"

OID 2.16.840.1.101.2.1.5 
TAG id-attributes
EXPL "US DOD Infosec attributes"

OID 2.16.840.1.101.2.1.6 
TAG id-attribute-syntax
EXPL "US DOD Infosec attribute syntax"

OID 2.16.840.1.113730 
# The Netscape OID space
TAG netscape
EXPL "Netscape Communications Corp."

OID 2.16.840.1.113730.1
TAG cert-ext
EXPL "Netscape Cert Extensions"

OID 2.16.840.1.113730.1.1
TAG cert-type
EXPL "Certificate Type"
NAME NSS_OID_NS_CERT_EXT_CERT_TYPE
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.2
TAG base-url
EXPL "Certificate Extension Base URL"
NAME NSS_OID_NS_CERT_EXT_BASE_URL
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.3
TAG revocation-url
EXPL "Certificate Revocation URL"
NAME NSS_OID_NS_CERT_EXT_REVOCATION_URL
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.4
TAG ca-revocation-url
EXPL "Certificate Authority Revocation URL"
NAME NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.5
TAG ca-crl-download-url
EXPL "Certificate Authority CRL Download URL"
NAME NSS_OID_NS_CERT_EXT_CA_CRL_URL
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.1.113730.1.6
TAG ca-cert-url
EXPL "Certificate Authority Certificate Download URL"
NAME NSS_OID_NS_CERT_EXT_CA_CERT_URL
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.1.113730.1.7
TAG renewal-url
EXPL "Certificate Renewal URL"
NAME NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.8
TAG ca-policy-url
EXPL "Certificate Authority Policy URL"
NAME NSS_OID_NS_CERT_EXT_CA_POLICY_URL
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.9
TAG homepage-url
EXPL "Certificate Homepage URL"
NAME NSS_OID_NS_CERT_EXT_HOMEPAGE_URL
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.1.113730.1.10
TAG entity-logo
EXPL "Certificate Entity Logo"
NAME NSS_OID_NS_CERT_EXT_ENTITY_LOGO
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.1.113730.1.11
TAG user-picture
EXPL "Certificate User Picture"
NAME NSS_OID_NS_CERT_EXT_USER_PICTURE
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.1.113730.1.12
TAG ssl-server-name
EXPL "Certificate SSL Server Name"
NAME NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.13
TAG comment
EXPL "Certificate Comment"
NAME NSS_OID_NS_CERT_EXT_COMMENT
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.1.14
TAG thayes
EXPL ""
NAME NSS_OID_NS_CERT_EXT_THAYES
CERT_EXTENSION SUPPORTED

OID 2.16.840.1.113730.2
TAG data-type
EXPL "Netscape Data Types"

OID 2.16.840.1.113730.2.1 
TAG gif
EXPL "image/gif"
NAME NSS_OID_NS_TYPE_GIF

OID 2.16.840.1.113730.2.2 
TAG jpeg
EXPL "image/jpeg"
NAME NSS_OID_NS_TYPE_JPEG

OID 2.16.840.1.113730.2.3 
TAG url
EXPL "URL"
NAME NSS_OID_NS_TYPE_URL

OID 2.16.840.1.113730.2.4 
TAG html
EXPL "text/html"
NAME NSS_OID_NS_TYPE_HTML

OID 2.16.840.1.113730.2.5 
TAG cert-sequence
EXPL "Certificate Sequence"
NAME NSS_OID_NS_TYPE_CERT_SEQUENCE

OID 2.16.840.1.113730.3
# The Netscape Directory OID space
TAG directory
EXPL "Netscape Directory"

OID 2.16.840.1.113730.4
TAG policy
EXPL "Netscape Policy Type OIDs"

OID 2.16.840.1.113730.4.1
TAG export-approved
EXPL "Strong Crypto Export Approved"
NAME NSS_OID_NS_KEY_USAGE_GOVT_APPROVED
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.1.113730.5
TAG cert-server
EXPL "Netscape Certificate Server"

OID 2.16.840.1.113730.5.1

OID 2.16.840.1.113730.5.1.1
TAG recovery-request
EXPL "Netscape Cert Server Recovery Request"
NAME NSS_OID_NETSCAPE_RECOVERY_REQUEST

OID 2.16.840.1.113730.6
TAG algs
EXPL "Netscape algorithm OIDs"

OID 2.16.840.1.113730.6.1
TAG smime-kea
EXPL "Netscape S/MIME KEA"
NAME NSS_OID_NETSCAPE_SMIME_KEA

OID 2.16.840.1.113730.7
TAG name-components
EXPL "Netscape Name Components"

OID 2.16.840.1.113730.7.1
TAG nickname
EXPL "Netscape Nickname"
NAME NSS_OID_NETSCAPE_NICKNAME

OID 2.16.840.1.113733 
TAG verisign
EXPL "Verisign"

OID 2.16.840.1.113733.1

OID 2.16.840.1.113733.1.7

OID 2.16.840.1.113733.1.7.1

OID 2.16.840.1.113733.1.7.1.1
TAG verisign-user-notices
EXPL "Verisign User Notices"
NAME NSS_OID_VERISIGN_USER_NOTICES

OID 2.16.840.101 
TAG us-government
EXPL "US Government (101)"

OID 2.16.840.102 
TAG us-government2
EXPL "US Government (102)"
 
OID 2.16.840.11370 
TAG old-netscape
EXPL "Netscape Communications Corp. (Old)"

OID 2.16.840.11370.1 
TAG ns-cert-ext
EXPL "Netscape Cert Extensions (Old NS)"

OID 2.16.840.11370.1.1 
TAG netscape-ok
EXPL "Netscape says this cert is ok (Old NS)"
NAME NSS_OID_NS_CERT_EXT_NETSCAPE_OK
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.11370.1.2
TAG issuer-logo
EXPL "Certificate Issuer Logo (Old NS)"
NAME NSS_OID_NS_CERT_EXT_ISSUER_LOGO
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.11370.1.3
TAG subject-logo
EXPL "Certificate Subject Logo (Old NS)"
NAME NSS_OID_NS_CERT_EXT_SUBJECT_LOGO
CERT_EXTENSION UNSUPPORTED

OID 2.16.840.11370.2 
TAG ns-file-type
EXPL "Netscape File Type"

OID 2.16.840.11370.3 
TAG ns-image-type
EXPL "Netscape Image Type"

OID 2.17
TAG registration-procedures
EXPL "Registration procedures"

OID 2.18
TAG physical-layer-management
EXPL "Physical layer Management"

OID 2.19
TAG mheg
EXPL "MHEG"

OID 2.20
TAG guls
EXPL "Generic Upper Layer Security"

OID 2.21
TAG tls
EXPL "Transport Layer Security Protocol"

OID 2.22
TAG nls
EXPL "Network Layer Security Protocol"

OID 2.23
TAG organization
EXPL "International organizations"