-- @(#) sm_ess.asn 1.13 12/17/98 14:17:02 -- FROM ess.txt: draft-ietf-smime-ess-09.txt ExtendedSecurityServices { 1 2 840 113549 1 9 16 0 2 } --MB;{ iso(1) member-body(2) us(840) rsadsi(113549) --MB; pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) } DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS KeyIdentifier, PolicyQualifierInfo, PolicyInformation, CertPolicyId FROM CertificateExtensions pkcs-9 FROM PKCS9-OIDS -- Cryptographic Message Syntax (CMS) ContentType, IssuerAndSerialNumber, CMSVersion FROM CryptographicMessageSyntax { 1 2 840 113549 1 9 16 0 1 } --RWC;iso(1) member-body(2) us(840) --RWC;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} -- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module, -- 1988 Syntax --RWC;PolicyInformation FROM PKIX1Implicit88 {iso(1) RWC; Added ")" --RWC;identified-organization(3)dod(6) internet(1) security(5) --RWC;mechanisms(5) pkix(7)id-mod(0) id-pkix1-implicit-88(2)} -- X.509 --RWC;GeneralNames, CertificateSerialNumber FROM CertificateExtensions RWC; Removed "," --RWC;{joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0} ub-security-categories, ub-privacy-mark-length, ub-integer-options FROM UpperBounds -- RWC; Added to avoid SNACC ASN.1 Compiler link errors. CertificateSerialNumber, IssuerSerial FROM AuthenticationFramework --RWC; Added GeneralNames FROM CommonX509Definitions ; --RWC; Added -- Extended Security Services -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to -- have at least one entry. MAX indicates the upper bound is unspecified. -- Implementations are free to choose an upper bound that suits their -- environment. -- Section 2.7 ReceiptRequest ::= SEQUENCE { signedContentIdentifier ContentIdentifier, receiptsFrom ReceiptsFrom, receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames } ub-receiptsTo INTEGER ::= 16 smime OBJECT IDENTIFIER ::= { pkcs-9 smime(16) } id-aa OBJECT IDENTIFIER ::= { pkcs-9 smime(16) 2 } id-aa-receiptRequest OBJECT IDENTIFIER ::= { id-aa 1 } ContentIdentifier ::= OCTET STRING id-aa-contentIdentifier OBJECT IDENTIFIER ::= { id-aa 7 } ReceiptsFrom ::= CHOICE { allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone" receiptList [1] SEQUENCE OF GeneralNames } AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone allReceipts (0), firstTierRecipients (1) } -- Section 2.8 Receipt ::= SEQUENCE { version CMSVersion, -- Version is imported from [CMS] contentType ContentType, signedContentIdentifier ContentIdentifier, originatorSignatureValue OCTET STRING } id-ct-receipt OBJECT IDENTIFIER ::= { smime id-ct(1) 1 } -- Section 2.9 ContentHints ::= SEQUENCE { contentDescription UTF8String OPTIONAL, --RWC;SIZE (1..MAX) OPTIONAL, contentType ContentType } id-aa-contentHint OBJECT IDENTIFIER ::= { id-aa 4 } -- Section 2.10 MsgSigDigest ::= OCTET STRING id-aa-msgSigDigest OBJECT IDENTIFIER ::= { id-aa 5 } -- Section 2.11 ContentReference ::= SEQUENCE { contentType ContentType, signedContentIdentifier ContentIdentifier, originatorSignatureValue OCTET STRING } id-aa-contentReference OBJECT IDENTIFIER ::= { id-aa 10 } -- Section 3.2 ESSSecurityLabel ::= SET { security-policy-identifier SecurityPolicyIdentifier, security-classification SecurityClassification OPTIONAL, privacy-mark ESSPrivacyMark OPTIONAL, security-categories SecurityCategories OPTIONAL } id-aa-securityLabel OBJECT IDENTIFIER ::= { id-aa 2} SecurityPolicyIdentifier ::= OBJECT IDENTIFIER SecurityClassification ::= INTEGER { unmarked (0), unclassified (1), restricted (2), confidential (3), secret (4), top-secret (5) } (0..ub-integer-options) --RWC; IMPORTED;ub-integer-options INTEGER ::= 256 ESSPrivacyMark ::= CHOICE { pStringááááá PrintableString, --RWC;SIZE (1..ub-privacy-mark-length), utf8Stringáá UTF8String --RWC;SIZE (1..MAX) } --RWC; IMPORTED;ub-privacy-mark-length INTEGER ::= 128 SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory --RWC; IMPORTED;ub-security-categories INTEGER ::= 64 SecurityCategory ::= SEQUENCE { type [0] OBJECT IDENTIFIER, value [1] ANY --RWC;DEFINED BY type } --Note: The aforementioned SecurityCategory syntax produces identical --hex encodings as the following SecurityCategory syntax that is --documented in the X.411 specification: -- --SecurityCategory ::= SEQUENCE { -- type [0] SECURITY-CATEGORY, -- value [1] ANY DEFINED BY type } -- --SECURITY-CATEGORY MACRO ::= --BEGIN --TYPE NOTATION ::= type | empty --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) --END -- Section 3.4 EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel id-aa-equivalentLabels OBJECT IDENTIFIER ::= { id-aa 9} -- Section 4.4 MLExpansionHistory ::= SEQUENCE SIZE (1..ub-ml-expansion-history) OF MLData id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { id-aa 3} ub-ml-expansion-history INTEGER ::= 64 MLData ::= SEQUENCE { mailListIdentifier EntityIdentifier, -- EntityIdentifier is imported from [CMS] expansionTime GeneralizedTime, mlReceiptPolicy MLReceiptPolicy OPTIONAL } EntityIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier KeyIdentifier } MLReceiptPolicy ::= CHOICE { none [0] NULL, insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames } -- Section 5.4 SigningCertificate ::= SEQUENCE { certs SEQUENCE OF ESSCertID, policies SEQUENCE OF PolicyInformation OPTIONAL } id-aa-signingCertificate OBJECT IDENTIFIER ::= { id-aa 4444 } --RWC;Removed } ESSCertID ::= SEQUENCE { certHash CertHash, issuerSerial IssuerSerial OPTIONAL } CertHash ::= OCTET STRING -- SHA1 hash of entire certificate --RWC; Modified "Hash" to "CertHash" to avoid crypto++ library contention. --RWC; --RWC; Added for completeness --RWC; -- policyQualifierIds for Internet policy qualifiers id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) } id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) END