Problems w/ ASN.1 in PKIX part 1
Hi all,
Sorry if this has already been discussed, but I have been running my ASN.1
compiler across the ASN.1 source from the PKIX part 1 document and have come
up with the following problems.
1. The definition of UniversalString is missing its ::=
===>
UniversalString [UNIVERSAL 28] IMPLICIT OCTET STRING
-- UniversalString is defined in ASN.1:1993
<===
UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
-- UniversalString is defined in ASN.1:1993
2. The constant maxSize in the DirectoryString type assignment is not defined
(replace with MAX?)
3. The types Version, Extensions and Extension are all defined more than once,
as is the Oid id-ce-cRLNumber.
4. The type PresentationAddress is not defined
5. In the definition of AnotherName, OBJECT IDENTIFIER is misspelt
===>
AnotherName ::= SEQUENCE {
type-id OBJECT IDENTIFER,
value [0] EXPLICIT ANY DEFINED BY type-id
}
<===
AnotherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id
}
6. A number of Oids use US(840) as an element. I am not sure if it is a
standard that value names be in lower case, but my ASN.1 compiler barfs
unless this is us(840).
7. Likewise, ExtensionAttributeTable should be extensionAttributeTable as (I
think) it is a value not a type.
8. Apart from that my compiler also bitches about the UNIQUE keyword used in
the definition of EXTENSION-ATTRIBUTE as in:
EXTENSION-ATTRIBUTE ::= SEQUENCE {
extension-attribute-type [0] INTEGER (0..ub-extension-attributes) UNIQUE,
extension-attribute-value [1] ANY DEFINED BY extension-attribute-type
}
Can anyone tell me what UNIQUE does?
I have included the patched ASN.1 source as a MIME attachment below for
comments. The only thing that is missing here I think is the definition of
PresentationAddress which I have hacked as an OCTET STRING. Anything that is
a bit dodgy is commented with an XXX. I'd appreciate
comments/flames/improvements :).
Dean.
PKIX1 DEFINITIONS IMPLICIT TAGS::=
BEGIN
-- UNIVERSAL Types defined in '93 ASN.1
-- but required by this specification
UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
-- UniversalString is defined in ASN.1:1993
BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
-- BMPString is the subtype of
-- UniversalString and models the Basic Multilingual Plane
-- of ISO/IEC 10646-1
--- XXX Stuff that needs fixing
PresentationAddress ::= OCTET STRING
-- attribute data types --
Attribute ::= SEQUENCE {
type AttributeValue,
values SET OF AttributeValue
-- at least one value is required -- }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeValueAssertion ::= SEQUENCE {AttributeType, AttributeValue}
-- naming data types --
Name ::= CHOICE { -- only one possibility for now --
rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
DistinguishedName ::= RDNSequence
RelativeDistinguishedName ::= SET SIZE (1 .. MAX) OF AttributeTypeAndValue
-- Directory string type --
-- XXX Changed maxSize to MAX
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX))
}
-- certificate and CRL specific structures begin here
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] UniqueIdentifier OPTIONAL,
-- If present, version must be v2 or v3
subjectUniqueID [2] UniqueIdentifier OPTIONAL,
-- If present, version must be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version must be v3
}
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
Validity ::= SEQUENCE {
notBefore CertificateValidityDate,
notAfter CertificateValidityDate }
CertificateValidityDate ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
Extensions ::= SEQUENCE OF Extension
Extension ::= SEQUENCE {
extnId OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
-- contains a DER encoding of a value
-- of the type registered for use with
-- the extnId object identifier value
-- Extension ::= { {id-ce 15}, ... , keyUsage }
ID ::= OBJECT IDENTIFIER
joint-iso-ccitt ID ::= { 2 }
ds ID ::= {joint-iso-ccitt 5}
certificateExtension ID ::= {ds 29}
-- id-ce ID ::= certificateExtension
id-ce ID ::= {ds 29}
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier
OPTIONAL,
authorityCertIssuer [1] GeneralNames
OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber
OPTIONAL
}
( WITH COMPONENTS {..., authorityCertIssuer PRESENT,
authorityCertSerialNumber PRESENT} |
WITH COMPONENTS {..., authorityCertIssuer ABSENT,
authorityCertSerialNumber ABSENT} )
-- authorityKeyIdentifier ::= AuthorityKeyIdentifier
KeyIdentifier ::= OCTET STRING
-- subjectKeyIdentifier ::= KeyIdentifier
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6) }
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL }
( WITH COMPONENTS {..., notBefore PRESENT} |
WITH COMPONENTS {..., notAfter PRESENT} )
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF
PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
-- PolicyQualifierInfo ::= SEQUENCE {
-- policyQualifierId CERT-POLICY-QUALIFIER.&id
-- ({SupportedPolicyQualifiers}),
-- qualifier CERT-POLICY-QUALIFIER.&Qualifier
--
-- ({SupportedPolicyQualifiers}{@policyQualifierId})
-- OPTIONAL }
-- SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { ... }
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId }
PolicyQualifierId ::= ENUMERATED {
qualId1 (1), qualId2 (2), qualId3 (3), qualId4 (4), qualId5 ( 5 ) }
id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId }
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
-- OTHER-NAME ::= TYPE-IDENTIFIER note: not supported in '88 ASN.1
otherName [0] AnotherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER
}
AnotherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id
}
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
IssuerAltName ::= GeneralNames
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
NameConstraints ::= SEQUENCE {
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
excludedSubtrees [1] GeneralSubtrees OPTIONAL }
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL }
BaseDistance ::= INTEGER (0..MAX)
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 34 }
PolicyConstraints ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
policySet [0] CertPolicySet OPTIONAL,
requireExplicitPolicy [1] SkipCerts OPTIONAL,
inhibitPolicyMapping [2] SkipCerts OPTIONAL }
SkipCerts ::= INTEGER (0..MAX)
CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
-- cRLDistributionPoints CRLDistPointsSyntax ::=
-- SEQUENCE SIZE (1..MAX) OF DistributionPoint
CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL }
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6) }
-- private extensions
pkix OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 7 }
id-pkix-subjectInfoAccess OBJECT IDENTIFIER ::= { pkix 1}
-- subjectInfoAccess ::= { SubjectInfoAccessSyntax }
SubjectInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
subjectInfo GeneralName }
id-pkix-authorityInfoAccess OBJECT IDENTIFIER ::= { pkix 2 }
-- authorityInfoAccess ::= { AuthorityInfoAccessSyntax }
AuthorityInfoAccessSyntax ::= SEQUENCE {
authorityInfo [0] SEQUENCE OF GeneralName OPTIONAL,
certStatus [1] SEQUENCE OF GeneralName OPTIONAL }
-- CRL structures
CertificateList ::= SEQUENCE {
tbsCertList TBSCertList,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }
TBSCertList ::= SEQUENCE {
version Version OPTIONAL,
-- if present, must be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate ChoiceOfTime,
nextUpdate ChoiceOfTime,
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate ChoiceOfTime,
crlEntryExtensions Extensions OPTIONAL
-- if present, must be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, must be v2
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
-- contains a value of the type
-- registered for use with the
-- algorithm object identifier value
ChoiceOfTime ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
CRLNumber ::= INTEGER (0..MAX)
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE }
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
-- deltaCRLIndicator ::= BaseCRLNumber
BaseCRLNumber ::= CRLNumber
-- reasonCode EXTENSION ::= {
-- SYNTAX CRLReason
-- IDENTIFIED BY { id-ce 21 } }
CRLReason ::= ENUMERATED {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8) }
id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
HoldInstructionCode ::= OBJECT IDENTIFIER
member-body ID ::= { iso 2 }
us ID ::= { member-body 840 }
x9cm ID ::= { us 10040 }
holdInstruction ID ::= {x9cm 2}
id-holdinstruction-none ID ::= {holdInstruction 1}
id-holdinstruction-callissuer ID ::= {holdInstruction 2}
id-holdinstruction-reject ID ::= {holdInstruction 3}
id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
InvalidityDate ::= GeneralizedTime
-- Algorithm structures
md2WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 2 }
sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) oiw(14) secsig(3)
algorithm(2) 29 }
id-dsa-with-sha1 ID ::= {
iso(1) member-body(2) us(840) x9-57 (10040)
x9algorithm(4) 3 }
pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) 1 }
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1}
dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) ansi-x942(10046) 1 }
DHParameter ::= SEQUENCE {
prime INTEGER, -- p
base INTEGER -- g
}
id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040)
x9algorithm(4) 1 }
Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER }
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
id-keyEncryptionAlgorithm OBJECT IDENTIFIER ::=
{ 2 16 840 1 101 2 1 1 22 }
KEA-Parms-Id ::= OCTET STRING
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
id-pkix-policy-CPS OBJECT IDENTIFIER ::= { pkix 4 }
CPSuri ::= IA5String
id-pkix-policy-userNotice OBJECT IDENTIFIER ::= { pkix 5 }
UserNotice ::= CHOICE {
visibleString VisibleString,
bmpString BMPString
}
-- x400 address syntax starts here
-- OR Names
ORAddressAndOrDirectoryName ::= ORName
ORAddressAndOptionalDirectoryName ::= ORName
ORName ::= [APPLICATION 0] SEQUENCE {
-- address -- COMPONENTS OF ORAddress,
directory-name [0] Name OPTIONAL }
ORAddress ::= SEQUENCE {
built-in-standard-attributes BuiltInStandardAttributes,
built-in-domain-defined-attributes
BuiltInDomainDefinedAttributes OPTIONAL,
-- see also teletex-domain-defined-attributes
extension-attributes ExtensionAttributes OPTIONAL }
-- The OR-address is semantically absent from the OR-name if the
-- built-in-standard-attribute sequence is empty and the
-- built-in-domain-defined-attributes and extension-attributes are
-- both omitted.
-- Built-in Standard Attributes
BuiltInStandardAttributes ::= SEQUENCE {
country-name CountryName OPTIONAL,
administration-domain-name AdministrationDomainName OPTIONAL,
network-address [0] NetworkAddress OPTIONAL,
-- see also extended-network-address
terminal-identifier [1] TerminalIdentifier OPTIONAL,
private-domain-name [2] PrivateDomainName OPTIONAL,
organization-name [3] OrganizationName OPTIONAL,
-- see also teletex-organization-name
numeric-user-identifier [4] NumericUserIdentifier OPTIONAL,
personal-name [5] PersonalName OPTIONAL,
-- see also teletex-personal-name
organizational-unit-names [6] OrganizationalUnitNames OPTIONAL
-- see also teletex-organizational-unit-names -- }
CountryName ::= [APPLICATION 1] CHOICE {
x121-dcc-code NumericString
(SIZE (ub-country-name-numeric-length)),
iso-3166-alpha2-code PrintableString
(SIZE (ub-country-name-alpha-length)) }
AdministrationDomainName ::= [APPLICATION 2] CHOICE {
numeric NumericString (SIZE (0..ub-domain-name-length)),
printable PrintableString (SIZE (0..ub-domain-name-length)) }
NetworkAddress ::= X121Address
-- see also extended-network-address
X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
PrivateDomainName ::= CHOICE {
numeric NumericString (SIZE (1..ub-domain-name-length)),
printable PrintableString (SIZE (1..ub-domain-name-length)) }
OrganizationName ::= PrintableString (SIZE (1..ub-organization-name-length))
-- see also teletex-organization-name
NumericUserIdentifier ::= NumericString (SIZE (1..ub-numeric-user-id-length))
PersonalName ::= SET {
surname [0] PrintableString (SIZE (1..ub-surname-length)),
given-name [1] PrintableString
(SIZE (1..ub-given-name-length)) OPTIONAL,
initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
generation-qualifier [3] PrintableString
(SIZE (1..ub-generation-qualifier-length)) OPTIONAL}
-- see also teletex-personal-name
OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
OF OrganizationalUnitName
-- see also teletex-organizational-unit-names
OrganizationalUnitName ::= PrintableString (SIZE
(1..ub-organizational-unit-name-length))
-- Built-in Domain-defined Attributes
BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
(1..ub-domain-defined-attributes) OF
BuiltInDomainDefinedAttribute
BuiltInDomainDefinedAttribute ::= SEQUENCE {
type PrintableString (SIZE
(1..ub-domain-defined-attribute-type-length)),
value PrintableString (SIZE
(1..ub-domain-defined-attribute-value-length)) }
-- Extension Attributes
ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
ExtensionAttribute
EXTENSION-ATTRIBUTE ::= SEQUENCE {
extension-attribute-type [0] INTEGER (0..ub-extension-attributes) UNIQUE,
extension-attribute-value [1] ANY DEFINED BY extension-attribute-type
}
ExtensionAttribute ::= EXTENSION-ATTRIBUTE
extensionAttributeTable EXTENSION-ATTRIBUTE ::= {
common-name |
teletex-common-name |
teletex-organization-name |
teletex-personal-name |
teletex-organizational-unit-names |
teletex-domain-defined-attributes |
pds-name |
physical-delivery-country-name |
postal-code |
physical-delivery-office-name |
physical-delivery-office-number |
extension-OR-address-components |
physical-delivery-personal-name |
physical-delivery-organization-name |
extension-physical-delivery-address-components |
unformatted-postal-address |
street-address |
post-office-box-address |
poste-restante-address |
unique-postal-name |
local-postal-attributes |
extended-network-address |
terminal-type }
-- Extension Standard Attributes
common-name EXTENSION-ATTRIBUTE ::= {CommonName IDENTIFIED BY 1}
CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
teletex-common-name EXTENSION-ATTRIBUTE ::=
{TeletexCommonName IDENTIFIED BY 2}
TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
teletex-organization-name EXTENSION-ATTRIBUTE ::=
{TeletexOrganizationName IDENTIFIED BY 3}
TeletexOrganizationName ::= TeletexString (SIZE
(1..ub-organization-name-length))
teletex-personal-name EXTENSION-ATTRIBUTE ::=
{TeletexPersonalName IDENTIFIED BY 4}
TeletexPersonalName ::= SET {
surname [0] TeletexString (SIZE (1..ub-surname-length)),
given-name [1] TeletexString (SIZE (1..ub-given-name-length)) OPTIONAL,
initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
generation-qualifier [3] TeletexString (SIZE
(1..ub-generation-qualifier-length)) OPTIONAL }
teletex-organizational-unit-names EXTENSION-ATTRIBUTE ::=
{TeletexOrganizationalUnitNames IDENTIFIED BY 5}
TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
(1..ub-organizational-units) OF TeletexOrganizationalUnitName
TeletexOrganizationalUnitName ::= TeletexString
(SIZE (1..ub-organizational-unit-name-length))
pds-name EXTENSION-ATTRIBUTE ::= {PDSName IDENTIFIED BY 7}
PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
physical-delivery-country-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryCountryName IDENTIFIED BY 8}
PhysicalDeliveryCountryName ::= CHOICE {
x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
iso-3166-alpha2-code PrintableString
(SIZE (ub-country-name-alpha-length)) }
postal-code EXTENSION-ATTRIBUTE ::= {PostalCode IDENTIFIED BY 9}
PostalCode ::= CHOICE {
numeric-code NumericString (SIZE (1..ub-postal-code-length)),
printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
physical-delivery-office-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryOfficeName IDENTIFIED BY 10}
PhysicalDeliveryOfficeName ::= PDSParameter
physical-delivery-office-number EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryOfficeNumber IDENTIFIED BY 11}
PhysicalDeliveryOfficeNumber ::= PDSParameter
extension-OR-address-components EXTENSION-ATTRIBUTE ::=
{ExtensionORAddressComponents IDENTIFIED BY 12}
ExtensionORAddressComponents ::= PDSParameter
physical-delivery-personal-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryPersonalName IDENTIFIED BY 13}
PhysicalDeliveryPersonalName ::= PDSParameter
physical-delivery-organization-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryOrganizationName IDENTIFIED BY 14}
PhysicalDeliveryOrganizationName ::= PDSParameter
extension-physical-delivery-address-components EXTENSION-ATTRIBUTE ::=
{ExtensionPhysicalDeliveryAddressComponents IDENTIFIED BY 15}
ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
unformatted-postal-address EXTENSION-ATTRIBUTE ::=
{UnformattedPostalAddress IDENTIFIED BY 16}
UnformattedPostalAddress ::= SET {
printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
teletex-string TeletexString (SIZE
(1..ub-unformatted-address-length)) OPTIONAL }
street-address EXTENSION-ATTRIBUTE ::=
{StreetAddress IDENTIFIED BY 17}
StreetAddress ::= PDSParameter
post-office-box-address EXTENSION-ATTRIBUTE ::=
{PostOfficeBoxAddress IDENTIFIED BY 18}
PostOfficeBoxAddress ::= PDSParameter
poste-restante-address EXTENSION-ATTRIBUTE ::=
{PosteRestanteAddress IDENTIFIED BY 19}
PosteRestanteAddress ::= PDSParameter
unique-postal-name EXTENSION-ATTRIBUTE ::=
{UniquePostalName IDENTIFIED BY 20}
UniquePostalName ::= PDSParameter
local-postal-attributes EXTENSION-ATTRIBUTE ::=
{LocalPostalAttributes IDENTIFIED BY 21}
LocalPostalAttributes ::= PDSParameter
PDSParameter ::= SET {
printable-string PrintableString (SIZE(1..ub-pds-parameter-length))
OPTIONAL,
teletex-string TeletexString (SIZE(1..ub-pds-parameter-length)) OPTIONAL
}
extended-network-address EXTENSION-ATTRIBUTE ::=
{ExtendedNetworkAddress IDENTIFIED BY 22}
ExtendedNetworkAddress ::= CHOICE {
e163-4-address SEQUENCE {
number [0] NumericString (SIZE (1..ub-e163-4-number-length)),
sub-address [1] NumericString
(SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
esap-address [0] PresentationAddress }
terminal-type EXTENSION-ATTRIBUTE ::= {TerminalType IDENTIFIED BY 23}
TerminalType ::= INTEGER {
telex (3),
teletex (4),
g3-facsimile (5),
g4-facsimile (6),
ia5-terminal (7),
videotex (8) } (0..ub-integer-options)
-- Extension Domain-defined Attributes
teletex-domain-defined-attributes EXTENSION-ATTRIBUTE ::=
{TeletexDomainDefinedAttributes IDENTIFIED BY 6}
TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
(1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
TeletexDomainDefinedAttribute ::= SEQUENCE {
type TeletexString (SIZE (1..ub-domain-defined-attribute-type-length)),
value TeletexString (SIZE (1..ub-domain-defined-attribute-value-length))
}
-- specifications of Upper Bounds
-- must be regarded as mandatory
-- from Annex B of ITU-T X.411
-- Reference Definition of MTS Parameter Upper Bounds
-- Upper Bounds
ub-additional-info INTEGER ::= 1024
ub-bilateral-info INTEGER ::= 1024
ub-bit-options INTEGER ::= 16
ub-built-in-content-type INTEGER ::= 32767
ub-built-in-encoded-information-types INTEGER ::= 32
ub-common-name-length INTEGER ::= 64
ub-content-correlator-length INTEGER ::= 512
ub-content-id-length INTEGER ::= 16
ub-content-length INTEGER ::= 2147483647 -- the largest integer in 32 bits
ub-content-types INTEGER ::= 1024
ub-country-name-alpha-length INTEGER ::= 2
ub-country-name-numeric-length INTEGER ::= 3
ub-diagnostic-codes INTEGER ::= 32767
ub-deliverable-class INTEGER ::= 256
ub-dl-expansions INTEGER ::= 512
ub-domain-defined-attributes INTEGER ::= 4
ub-domain-defined-attribute-type-length INTEGER ::= 8
ub-domain-defined-attribute-value-length INTEGER ::= 128
ub-domain-name-length INTEGER ::= 16
ub-encoded-information-types INTEGER ::= 1024
ub-extension-attributes INTEGER ::= 256
ub-extension-types INTEGER ::= 256
ub-e163-4-number-length INTEGER ::= 15
ub-e163-4-sub-address-length INTEGER ::= 40
ub-generation-qualifier-length INTEGER ::= 3
ub-given-name-length INTEGER ::= 16
ub-initials-length INTEGER ::= 5
ub-integer-options INTEGER ::= 256
ub-labels-and-redirections INTEGER ::= 256
ub-local-id-length INTEGER ::= 32
ub-mta-name-length INTEGER ::= 32
ub-mts-user-types INTEGER ::= 256
ub-numeric-user-id-length INTEGER ::= 32
ub-organization-name-length INTEGER ::= 64
ub-organizational-unit-name-length INTEGER ::= 32
ub-organizational-units INTEGER ::= 4
ub-orig-and-dl-expansions INTEGER ::= 513 -- ub-dl-expansions plus one
ub-password-length INTEGER ::= 62
ub-pds-name-length INTEGER ::= 16
ub-pds-parameter-length INTEGER ::= 30
ub-pds-physical-address-lines INTEGER ::= 6
ub-postal-code-length INTEGER ::= 16
ub-privacy-mark-length INTEGER ::= 128
ub-queue-size INTEGER ::= 2147483647 -- the largest integer in 32 bits
ub-reason-codes INTEGER ::= 32767
ub-recipient-number-for-advice-length INTEGER ::= 32
ub-recipients INTEGER ::= 32767
ub-redirection-classes INTEGER ::= 256
ub-redirections INTEGER ::= 512
ub-restrictions INTEGER ::= 1024
ub-security-categories INTEGER ::= 64
ub-security-labels INTEGER ::= 256
ub-security-problems INTEGER ::= 256
ub-supplementary-info-length INTEGER ::= 256
ub-surname-length INTEGER ::= 40
ub-teletex-private-use-length INTEGER ::= 128
ub-terminal-id-length INTEGER ::= 24
ub-transfers INTEGER ::= 512
ub-tsap-id-length INTEGER ::= 16
ub-unformatted-address-length INTEGER ::= 180
ub-x121-address-length INTEGER ::= 16
-- Note - upper bounds on TeletexString are measured in characters.
-- A significantly greater number of octets will be required to hold
-- such a value. As a minimum, 16 octets, or twice the specified upper
-- bound, whichever is the larger, should be allowed.
END
+----------------------------------------+-----------------------------------+
| Dean Povey, | Email: povey@dstc.edu.au |
| Research Scientist, Security Unit, | Phone: +61 7 3864 2799 |
| CRC for Distributed Systems Technology | Fax: +61 7 3864 1282 |
+----------------------------------------+-----------------------------------+
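
An added example, not part of the original message or of the PKIX draft: a simplified lint that reproduces the cross-reference checks behind items 1 and 3 to 6 above (duplicate assignments, undefined type references, capitalised names in OID components). It assumes each assignment starts on its own line, as in the module above; `lint`, `SAMPLE` and the sample module are constructed for illustration, and the regex scan does not replace a full ASN.1 compiler.

```python
import re
from collections import Counter

# ASN.1:1988 keywords and built-in types that need no assignment in the module.
BUILTIN = set("""
    ABSENT ANY APPLICATION BEGIN BIT BOOLEAN BY CHOICE COMPONENT COMPONENTS
    DEFAULT DEFINED DEFINITIONS END ENUMERATED EXPLICIT EXPORTS FALSE FROM
    IDENTIFIER IMPLICIT IMPORTS INCLUDES INTEGER MAX MIN NULL OBJECT OCTET OF
    OPTIONAL PRESENT PRIVATE REAL SEQUENCE SET SIZE STRING TAGS TRUE UNIVERSAL
    WITH GeneralizedTime IA5String NumericString PrintableString T61String
    TeletexString UTCTime VisibleString
""".split())

COMMENT = re.compile(r"--.*?(?:--|$)", re.M)   # "--" up to next "--" or end of line
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# "Name ::=" (type) or "name Type ::=" (value), starting on its own line.
ASSIGN = re.compile(
    r"^[ \t]*([A-Za-z][A-Za-z0-9-]*)((?:[ \t]+[A-Z][A-Za-z0-9-]*)*)[ \t]*::=",
    re.M)
# name(number) component of an OID value whose name is capitalised, e.g. US(840).
OID_NAME = re.compile(r"(?<![A-Za-z0-9-])([A-Z][A-Za-z0-9-]*)\s*\(\s*\d+\s*\)")


def lint(source):
    """Return duplicate assignments, undefined type references and
    capitalised OID component names found in an ASN.1 module."""
    text = COMMENT.sub(" ", source)
    assigned, known = Counter(), set(BUILTIN)
    for m in ASSIGN.finditer(text):
        if "DEFINITIONS" in m.group(2).split():
            known.add(m.group(1))          # module header, not an assignment
        else:
            assigned[m.group(1)] += 1
    known.update(assigned)

    oid_names = {n for n in OID_NAME.findall(text) if n not in BUILTIN}
    # Any other capitalised identifier must be a defined type or a keyword.
    undefined = {t for t in IDENT.findall(text)
                 if t[0].isupper() and t not in known and t not in oid_names}
    return {
        "duplicates": sorted(n for n, c in assigned.items() if c > 1),
        "undefined": sorted(undefined),
        "uppercase_oid_names": sorted(oid_names),
    }


# Constructed sample: a condensed module carrying the defects the post lists.
SAMPLE = """
Demo DEFINITIONS IMPLICIT TAGS ::=
BEGIN
UniversalString [UNIVERSAL 28] IMPLICIT OCTET STRING  -- missing ::= (item 1)
DirectoryString ::= CHOICE {
    printableString PrintableString (SIZE (1..MAX)),
    universalString UniversalString (SIZE (1..MAX)) }
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Version ::= INTEGER { v1(0), v2(1) }          -- defined twice (item 3)
ExtendedNetworkAddress ::= CHOICE {
    esap-address [0] PresentationAddress }     -- never defined (item 4)
AnotherName ::= SEQUENCE {
    type-id OBJECT IDENTIFER,                  -- misspelt keyword (item 5)
    value [0] EXPLICIT ANY DEFINED BY type-id }
id-dsa OBJECT IDENTIFIER ::= { iso(1) member-body(2) US(840) x9-57(10040) 4 1 }
END
"""

if __name__ == "__main__":
    for check, names in lint(SAMPLE).items():
        print(f"{check}: {', '.join(names) or '-'}")
```

A missing `::=` and a misspelt keyword both surface as undefined references, because the scan finds no assignment for the name it meets.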