PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS ALL -- IMPORTS authorityKeyIdentifier, subjectKeyIdentifier, keyUsage, extendedKeyUsage, privateKeyUsagePeriod, certificatePolicies, policyMappings, subjectAltName, issuerAltName, basicConstraints, nameConstraints, policyConstraints, cRLDistributionPoints, subjectDirectoryAttributes, cRLNumber, reasonCode, instructionCode, invalidityDate, issuingDistributionPoint, certificateIssuer, deltaCRLIndicator, authorityInfoAccess, id-ce FROM PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)} ; -- -- Locally defined OIDs -- id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) } -- PKIX arcs -- arc for private certificate extensions id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } -- arc for policy qualifier types id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } -- arc for extended key purpose OIDS id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } -- arc for access descriptors id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } -- policyQualifierIds for Internet policy qualifiers id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } -- OID for CPS qualifier id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } -- OID for user notice qualifier -- based on excerpts from AuthenticationFramework -- {joint-iso-ccitt ds(5) modules(1) authenticationFramework(7) 2} -- Public Key Certificate -- Certificate ::= SIGNED { SEQUENCE { version [0] Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL, ---if present, version shall be v2 or v3-- subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL, ---if present, version shall be v2 or v3-- extensions [3] Extensions OPTIONAL --if present, version shall be v3--} } UniqueIdentifier ::= BIT STRING Version ::= INTEGER { v1(0), v2(1), v3(2) } CertificateSerialNumber ::= INTEGER Validity ::= SEQUENCE { notBefore Time, notAfter Time } Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime } SubjectPublicKeyInfo ::= SEQUENCE{ algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING} Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension Extension ::= SEQUENCE { extnId EXTENSION.&id ({ExtensionSet}), critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING } -- contains a DER encoding of a value of type -- &ExtnType for the -- extension object identified by extnId -- -- The following information object set is defined to constrain the -- set of legal certificate extensions. ExtensionSet EXTENSION ::= { authorityKeyIdentifier | subjectKeyIdentifier | keyUsage | extendedKeyUsage | privateKeyUsagePeriod | certificatePolicies | policyMappings | subjectAltName | issuerAltName | basicConstraints | nameConstraints | policyConstraints | cRLDistributionPoints | subjectDirectoryAttributes | authorityInfoAccess } EXTENSION ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &ExtnType } WITH SYNTAX { SYNTAX &ExtnType IDENTIFIED BY &id } -- Certificate Revocation List -- CertificateList ::= SIGNED { SEQUENCE { version Version OPTIONAL, -- if present, shall be v2 signature AlgorithmIdentifier, issuer Name, thisUpdate Time, nextUpdate Time OPTIONAL, revokedCertificates SEQUENCE OF SEQUENCE { userCertificate CertificateSerialNumber, revocationDate Time, crlEntryExtensions EntryExtensions OPTIONAL } OPTIONAL, crlExtensions [0] CRLExtensions OPTIONAL }} CRLExtensions ::= SEQUENCE SIZE (1..MAX) OF CRLExtension CRLExtension ::= SEQUENCE { extnId EXTENSION.&id ({CRLExtensionSet}), critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING } -- contains a DER encoding of a value of type -- &ExtnType for the -- extension object identified by extnId -- -- The following information object set is defined to constrain the -- set of legal CRL extensions. CRLExtensionSet EXTENSION ::= { authorityKeyIdentifier | issuerAltName | cRLNumber | deltaCRLIndicator | issuingDistributionPoint } -- EXTENSION defined above for certificates EntryExtensions ::= SEQUENCE SIZE (1..MAX) OF EntryExtension EntryExtension ::= SEQUENCE { extnId EXTENSION.&id ({EntryExtensionSet}), critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING } -- contains a DER encoding of a value of type -- &ExtnType for the -- extension object identified by extnId -- -- The following information object set is defined to constrain the -- set of legal CRL entry extensions. EntryExtensionSet EXTENSION ::= { reasonCode | instructionCode | invalidityDate | certificateIssuer } -- information object classes used in the defintion -- -- of certificates and CRLs -- -- Parameterized Type SIGNED -- SIGNED { ToBeSigned } ::= SEQUENCE { toBeSigned ToBeSigned, algorithm AlgorithmIdentifier, signature BIT STRING } -- Definition of AlgorithmIdentifier -- ISO definition was: -- -- AlgorithmIdentifier ::= SEQUENCE { -- algorithm ALGORITHM.&id({SupportedAlgorithms}), -- parameters ALGORITHM.&Type({SupportedAlgorithms} -- { @algorithm}) OPTIONAL } -- Definition of ALGORITHM -- ALGORITHM ::= TYPE-IDENTIFIER -- The following PKIX definition replaces the X.509 definition -- AlgorithmIdentifier ::= SEQUENCE { algorithm ALGORITHM-ID.&id({SupportedAlgorithms}), parameters ALGORITHM-ID.&Type({SupportedAlgorithms} { @algorithm}) OPTIONAL } -- Definition of ALGORITHM-ID ALGORITHM-ID ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type OPTIONAL } WITH SYNTAX { OID &id [PARMS &Type] } -- The definition of SupportedAlgorithms may be modified as this -- document does not specify a mandatory algorithm set. In addition, -- the set is specified as extensible, since additional algorithms -- may be supported SupportedAlgorithms ALGORITHM-ID ::= { ..., -- extensible rsaPublicKey | rsaSHA-1 | rsaMD5 | rsaMD2 | dssPublicKey | dsaSHA-1 | dhPublicKey } -- OIDs and parameter structures for ALGORITHM-IDs used -- in this specification rsaPublicKey ALGORITHM-ID ::= { OID rsaEncryption PARMS NULL } rsaSHA-1 ALGORITHM-ID ::= { OID sha1WithRSAEncryption PARMS NULL } rsaMD5 ALGORITHM-ID ::= { OID md5WithRSAEncryption PARMS NULL } rsaMD2 ALGORITHM-ID ::= { OID md2WithRSAEncryption PARMS NULL } dssPublicKey ALGORITHM-ID ::= { OID id-dsa PARMS Dss-Parms } dsaSHA-1 ALGORITHM-ID ::= { OID id-dsa-with-sha1 } dhPublicKey ALGORITHM-ID ::= {OID dhpublicnumber PARMS DomainParameters} -- algorithm identifiers and parameter structures pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } Dss-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } DomainParameters ::= SEQUENCE { p INTEGER, -- odd prime, p=jq +1 g INTEGER, -- generator, g q INTEGER, -- factor of p-1 j INTEGER OPTIONAL, -- subgroup factor, j>= 2 validationParms ValidationParms OPTIONAL } ValidationParms ::= SEQUENCE { seed BIT STRING, pgenCounter INTEGER } id-dsa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } Dss-Parms ::= SEQUENCE { p INTEGER, q INTEGER, g INTEGER } -- The ASN.1 in this section supports the Name type -- and the directoryAttribute extension -- attribute data types -- Attribute ::= SEQUENCE { type ATTRIBUTE.&id ({SupportedAttributes}), values SET SIZE (1 .. MAX) OF ATTRIBUTE.&Type ({SupportedAttributes}{@type})} AttributeTypeAndValue ::= SEQUENCE { type ATTRIBUTE.&id ({SupportedAttributes}), value ATTRIBUTE.&Type ({SupportedAttributes}{@type})} -- naming data types -- Name ::= CHOICE { -- only one possibility for now -- rdnSequence RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET SIZE (1 .. MAX) OF AttributeTypeAndValue ID ::= OBJECT IDENTIFIER -- ATTRIBUTE information object class specification -- Note: This has been greatly simplified for PKIX !! ATTRIBUTE ::= CLASS { &Type, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { WITH SYNTAX &Type ID &id } -- suggested naming attributes -- Definition of the following information object set may be -- augmented to meet local requirements. Note that deleting -- members of the set may prevent interoperability with -- conforming implementations. SupportedAttributes ATTRIBUTE ::= { name | commonName | surname | givenName | initials | generationQualifier | dnQualifier | countryName | localityName | stateOrProvinceName | organizationName | organizationalUnitName | title | pkcs9email } name ATTRIBUTE ::= { WITH SYNTAX DirectoryString { ub-name } ID id-at-name } commonName ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-common-name} ID id-at-commonName } surname ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-name} ID id-at-surname } givenName ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-name} ID id-at-givenName } initials ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-name} ID id-at-initials } generationQualifier ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-name} ID id-at-generationQualifier} dnQualifier ATTRIBUTE ::= { WITH SYNTAX PrintableString ID id-at-dnQualifier } countryName ATTRIBUTE ::= { WITH SYNTAX PrintableString (SIZE (2)) -- IS 3166 codes only ID id-at-countryName } localityName ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-locality-name} ID id-at-localityName } stateOrProvinceName ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-state-name} ID id-at-stateOrProvinceName } organizationName ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-organization-name} ID id-at-organizationName } organizationalUnitName ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-organizational-unit-name} ID id-at-organizationalUnitName } title ATTRIBUTE ::= { WITH SYNTAX DirectoryString {ub-title} ID id-at-title } -- Legacy attributes pkcs9email ATTRIBUTE ::= { WITH SYNTAX PHGString ID emailAddress } PHGString ::= IA5String (SIZE(1..ub-emailaddress-length)) pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } emailAddress OBJECT IDENTIFIER ::= { pkcs-9 1 } -- object identifiers for Name type and directory attribute support -- Object identifier assignments -- id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} -- Attributes -- id-at-commonName OBJECT IDENTIFIER ::= {id-at 3} id-at-surname OBJECT IDENTIFIER ::= {id-at 4} id-at-countryName OBJECT IDENTIFIER ::= {id-at 6} id-at-localityName OBJECT IDENTIFIER ::= {id-at 7} id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8} id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10} id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11} id-at-title OBJECT IDENTIFIER ::= {id-at 12} id-at-name OBJECT IDENTIFIER ::= {id-at 41} id-at-givenName OBJECT IDENTIFIER ::= {id-at 42} id-at-initials OBJECT IDENTIFIER ::= {id-at 43} id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44} id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46} -- Directory string type, used extensively in Name types -- DirectoryString { INTEGER:maxSize } ::= CHOICE { teletexString TeletexString (SIZE (1..maxSize)), printableString PrintableString (SIZE (1..maxSize)), universalString UniversalString (SIZE (1..maxSize)), bmpString BMPString (SIZE(1..maxSize)), utf8String UTF8String (SIZE(1..maxSize)) } -- End of ASN.1 for Name type and directory attribute support -- -- The ASN.1 in this section supports X.400 style names -- -- for implementations that use the x400Address component -- -- of GeneralName. -- ORAddress ::= SEQUENCE { built-in-standard-attributes BuiltInStandardAttributes, built-in-domain-defined-attributes BuiltInDomainDefinedAttributes OPTIONAL, -- see also teletex-domain-defined-attributes extension-attributes ExtensionAttributes OPTIONAL } -- The OR-address is semantically absent from the OR-name if the -- built-in-standard-attribute sequence is empty and the -- built-in-domain-defined-attributes and extension-attributes are -- both omitted. -- Built-in Standard Attributes BuiltInStandardAttributes ::= SEQUENCE { country-name CountryName OPTIONAL, administration-domain-name AdministrationDomainName OPTIONAL, network-address [0] NetworkAddress OPTIONAL, -- see also extended-network-address terminal-identifier [1] TerminalIdentifier OPTIONAL, private-domain-name [2] PrivateDomainName OPTIONAL, organization-name [3] OrganizationName OPTIONAL, -- see also teletex-organization-name numeric-user-identifier [4] NumericUserIdentifier OPTIONAL, personal-name [5] PersonalName OPTIONAL, -- see also teletex-personal-name organizational-unit-names [6] OrganizationalUnitNames OPTIONAL -- see also teletex-organizational-unit-names -- } CountryName ::= [APPLICATION 1] CHOICE { x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)), iso-3166-alpha2-code PrintableString (SIZE (ub-country-name-alpha-length)) } AdministrationDomainName ::= [APPLICATION 2] CHOICE { numeric NumericString (SIZE (0..ub-domain-name-length)), printable PrintableString (SIZE (0..ub-domain-name-length)) } NetworkAddress ::= X121Address -- see also extended-network-address X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length)) PrivateDomainName ::= CHOICE { numeric NumericString (SIZE (1..ub-domain-name-length)), printable PrintableString (SIZE (1..ub-domain-name-length)) } OrganizationName ::= PrintableString (SIZE (1..ub-organization-name-length)) -- see also teletex-organization-name NumericUserIdentifier ::= NumericString (SIZE (1..ub-numeric-user-id-length)) PersonalName ::= SET { surname [0] PrintableString (SIZE (1..ub-surname-length)), given-name [1] PrintableString (SIZE (1..ub-given-name-length)) OPTIONAL, initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL, generation-qualifier [3] PrintableString (SIZE (1..ub-generation-qualifier-length)) OPTIONAL} -- see also teletex-personal-name OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) OF OrganizationalUnitName -- see also teletex-organizational-unit-names OrganizationalUnitName ::= PrintableString (SIZE (1..ub-organizational-unit-name-length)) -- Built-in Domain-defined Attributes BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE (1..ub-domain-defined-attributes) OF BuiltInDomainDefinedAttribute BuiltInDomainDefinedAttribute ::= SEQUENCE { type PrintableString (SIZE (1..ub-domain-defined-attribute-type-length)), value PrintableString (SIZE (1..ub-domain-defined-attribute-value-length)) } -- Extension Attributes ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF ExtensionAttribute ExtensionAttribute ::= SEQUENCE { extension-attribute-type [0] EXTENSION-ATTRIBUTE.&id ({ExtensionAttributeTable}), extension-attribute-value [1] EXTENSION-ATTRIBUTE.&Type ({ExtensionAttributeTable} {@extension-attribute-type}) } EXTENSION-ATTRIBUTE ::= CLASS { &id INTEGER (0..ub-extension-attributes) UNIQUE, &Type } WITH SYNTAX {&Type IDENTIFIED BY &id} ExtensionAttributeTable EXTENSION-ATTRIBUTE ::= { common-name | teletex-common-name | teletex-organization-name | teletex-personal-name | teletex-organizational-unit-names | teletex-domain-defined-attributes | pds-name | physical-delivery-country-name | postal-code | physical-delivery-office-name | physical-delivery-office-number | extension-OR-address-components | physical-delivery-personal-name | physical-delivery-organization-name | extension-physical-delivery-address-components | unformatted-postal-address | street-address | post-office-box-address | poste-restante-address | unique-postal-name | local-postal-attributes | extended-network-address | terminal-type } -- Extension Standard Attributes common-name EXTENSION-ATTRIBUTE ::= {CommonName IDENTIFIED BY 1} CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) teletex-common-name EXTENSION-ATTRIBUTE ::= {TeletexCommonName IDENTIFIED BY 2} TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) teletex-organization-name EXTENSION-ATTRIBUTE ::= {TeletexOrganizationName IDENTIFIED BY 3} TeletexOrganizationName ::= TeletexString (SIZE (1..ub-organization-name-length)) teletex-personal-name EXTENSION-ATTRIBUTE ::= {TeletexPersonalName IDENTIFIED BY 4} TeletexPersonalName ::= SET { surname [0] TeletexString (SIZE (1..ub-surname-length)), given-name [1] TeletexString (SIZE (1..ub-given-name-length)) OPTIONAL, initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL, generation-qualifier [3] TeletexString (SIZE (1..ub-generation-qualifier-length)) OPTIONAL } teletex-organizational-unit-names EXTENSION-ATTRIBUTE ::= {TeletexOrganizationalUnitNames IDENTIFIED BY 5} TeletexOrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) OF TeletexOrganizationalUnitName TeletexOrganizationalUnitName ::= TeletexString (SIZE (1..ub-organizational-unit-name-length)) pds-name EXTENSION-ATTRIBUTE ::= {PDSName IDENTIFIED BY 7} PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) physical-delivery-country-name EXTENSION-ATTRIBUTE ::= {PhysicalDeliveryCountryName IDENTIFIED BY 8} PhysicalDeliveryCountryName ::= CHOICE { x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)), iso-3166-alpha2-code PrintableString (SIZE (ub-country-name-alpha-length)) } postal-code EXTENSION-ATTRIBUTE ::= {PostalCode IDENTIFIED BY 9} PostalCode ::= CHOICE { numeric-code NumericString (SIZE (1..ub-postal-code-length)), printable-code PrintableString (SIZE (1..ub-postal-code-length)) } physical-delivery-office-name EXTENSION-ATTRIBUTE ::= {PhysicalDeliveryOfficeName IDENTIFIED BY 10} PhysicalDeliveryOfficeName ::= PDSParameter physical-delivery-office-number EXTENSION-ATTRIBUTE ::= {PhysicalDeliveryOfficeNumber IDENTIFIED BY 11} PhysicalDeliveryOfficeNumber ::= PDSParameter extension-OR-address-components EXTENSION-ATTRIBUTE ::= {ExtensionORAddressComponents IDENTIFIED BY 12} ExtensionORAddressComponents ::= PDSParameter physical-delivery-personal-name EXTENSION-ATTRIBUTE ::= {PhysicalDeliveryPersonalName IDENTIFIED BY 13} PhysicalDeliveryPersonalName ::= PDSParameter physical-delivery-organization-name EXTENSION-ATTRIBUTE ::= {PhysicalDeliveryOrganizationName IDENTIFIED BY 14} PhysicalDeliveryOrganizationName ::= PDSParameter extension-physical-delivery-address-components EXTENSION-ATTRIBUTE ::= {ExtensionPhysicalDeliveryAddressComponents IDENTIFIED BY 15} ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter unformatted-postal-address EXTENSION-ATTRIBUTE ::= {UnformattedPostalAddress IDENTIFIED BY 16} UnformattedPostalAddress ::= SET { printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL, teletex-string TeletexString (SIZE (1..ub-unformatted-address-length)) OPTIONAL } street-address EXTENSION-ATTRIBUTE ::= {StreetAddress IDENTIFIED BY 17} StreetAddress ::= PDSParameter post-office-box-address EXTENSION-ATTRIBUTE ::= {PostOfficeBoxAddress IDENTIFIED BY 18} PostOfficeBoxAddress ::= PDSParameter poste-restante-address EXTENSION-ATTRIBUTE ::= {PosteRestanteAddress IDENTIFIED BY 19} PosteRestanteAddress ::= PDSParameter unique-postal-name EXTENSION-ATTRIBUTE ::= {UniquePostalName IDENTIFIED BY 20} UniquePostalName ::= PDSParameter local-postal-attributes EXTENSION-ATTRIBUTE ::= {LocalPostalAttributes IDENTIFIED BY 21} LocalPostalAttributes ::= PDSParameter PDSParameter ::= SET { printable-string PrintableString (SIZE(1..ub-pds-parameter-length)) OPTIONAL, teletex-string TeletexString (SIZE(1..ub-pds-parameter-length)) OPTIONAL } extended-network-address EXTENSION-ATTRIBUTE ::= {ExtendedNetworkAddress IDENTIFIED BY 22} ExtendedNetworkAddress ::= CHOICE { e163-4-address SEQUENCE { number [0] NumericString (SIZE (1..ub-e163-4-number-length)), sub-address [1] NumericString (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL}, psap-address [0] PresentationAddress } PresentationAddress ::= SEQUENCE { pSelector [0] EXPLICIT OCTET STRING OPTIONAL, sSelector [1] EXPLICIT OCTET STRING OPTIONAL, tSelector [2] EXPLICIT OCTET STRING OPTIONAL, nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING} terminal-type EXTENSION-ATTRIBUTE ::= {TerminalType IDENTIFIED BY 23} TerminalType ::= INTEGER { telex (3), teletex (4), g3-facsimile (5), g4-facsimile (6), ia5-terminal (7), videotex (8) } (0..ub-integer-options) -- Extension Domain-defined Attributes teletex-domain-defined-attributes EXTENSION-ATTRIBUTE ::= {TeletexDomainDefinedAttributes IDENTIFIED BY 6} TeletexDomainDefinedAttributes ::= SEQUENCE SIZE (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute TeletexDomainDefinedAttribute ::= SEQUENCE { type TeletexString (SIZE (1..ub-domain-defined-attribute-type-length)), value TeletexString (SIZE (1..ub-domain-defined-attribute-value-length)) } -- specifications of Upper Bounds -- shall be regarded as mandatory -- from Annex B of ITU-T X.411 -- Reference Definition of MTS Parameter Upper Bounds -- Upper Bounds ub-name INTEGER ::= 32768 ub-common-name INTEGER ::= 64 ub-locality-name INTEGER ::= 128 ub-state-name INTEGER ::= 128 ub-organization-name INTEGER ::= 64 ub-organizational-unit-name INTEGER ::= 64 ub-title INTEGER ::= 64 ub-match INTEGER ::= 128 ub-emailaddress-length INTEGER ::= 128 ub-common-name-length INTEGER ::= 64 ub-country-name-alpha-length INTEGER ::= 2 ub-country-name-numeric-length INTEGER ::= 3 ub-domain-defined-attributes INTEGER ::= 4 ub-domain-defined-attribute-type-length INTEGER ::= 8 ub-domain-defined-attribute-value-length INTEGER ::= 128 ub-domain-name-length INTEGER ::= 16 ub-extension-attributes INTEGER ::= 256 ub-e163-4-number-length INTEGER ::= 15 ub-e163-4-sub-address-length INTEGER ::= 40 ub-generation-qualifier-length INTEGER ::= 3 ub-given-name-length INTEGER ::= 16 ub-initials-length INTEGER ::= 5 ub-integer-options INTEGER ::= 256 ub-numeric-user-id-length INTEGER ::= 32 ub-organization-name-length INTEGER ::= 64 ub-organizational-unit-name-length INTEGER ::= 32 ub-organizational-units INTEGER ::= 4 ub-pds-name-length INTEGER ::= 16 ub-pds-parameter-length INTEGER ::= 30 ub-pds-physical-address-lines INTEGER ::= 6 ub-postal-code-length INTEGER ::= 16 ub-surname-length INTEGER ::= 40 ub-terminal-id-length INTEGER ::= 24 ub-unformatted-address-length INTEGER ::= 180 ub-x121-address-length INTEGER ::= 16 -- Note - upper bounds on TeletexString are measured in characters. -- A significantly greater number of octets will be required to hold -- such a value. As a minimum, 16 octets, or twice the specified upper -- bound, whichever is the larger, should be allowed. END