2.5.29.30 - Name Constraints

Submitted by j.onions@nexor.co.uk from host trident.nexor.co.uk (128.243.9.9) on Fri Mar 21 13:04:40 MET 1997 using a WWW entry form.

OID value: 2.5.29.30

OID description:
id-ce-nameConstraints

This extension which shall be used only in a CA-certificate, indicates a name space within which all subject names in subsequent certificates in a certification path must be located.

his extension may, at the option of the certificate issuer, be either critical or non-critical. It is recommended that it be flagged critical, otherwise a certificate user may not check that subsequent certificates in a certification path are located in the name space intended by the issuing CA.

If this extension is present and is flagged critical then a certificate-using system shall check that the certification path being processed is consistent with the value in this extension.

nameConstraints EXTENSION ::= {
	SYNTAX NameConstraintsSyntax
	IDENTIFIED BY id-ce-nameConstraints
}

NameConstraintsSyntax ::= SEQUENCE {
	permittedSubtrees [0] GeneralSubtrees OPTIONAL,
	excludedSubtrees  [1] GeneralSubtrees OPTIONAL
}

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
	base GeneralName,
	minimum [0] BaseDistance DEFAULT 0,
	maximum [1] BaseDistance OPTIONAL
}

BaseDistance ::= INTEGER (0..MAX)

Superior references

2.5.29 - certificateExtension (id-ce)
2.5 - X.500 Directory Services
2 - ISO/ITU-T jointly assigned OIDs
Top of OID tree

Enter new OIDs into the lists
Incoming OIDs that have not been proofread yet

j.onions@nexor.co.uk

Entered: Fri Mar 21 13:04:40 MET 1997 (not changed manually)