Re: Private OID range(s) ?



Emmanuel Lecharny <elecharny@apache.org> wrote:
> For completeness, the reason OIDs are starting with 0, 1 or 2 and
> nothing else is that the two first numbers are encoded in one byte.
> Using a higher value is not a good idea.

Not quite.  Been reading _A Layman's Guide to a Subset of ASN.1, BER,
and DER_?  It has some errors.

For the two first OID components X.Y, Y must be < 40 if X < 2, and
X must be <= 2.  If X = 2, Y can be any nonnegative number.

That's because BER stores each OID component as an integer,
except the two first components are stored as one integer 40X+Y.
It's a space optimization which the inventors later came to regret.

Also it's preferable to keep 40X+Y and each component < 2**31, in
case your OIDs meet some implementation which stores each component
as a machine integer.

LDAP itself does not use BER format for OIDs, it sends the text
format.  Except in a few places like certificates.

--
Hallvard
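
The rules in the message above, as an added example that is not part of the original post: a small encoder/decoder for the content octets of a BER OBJECT IDENTIFIER, showing the 40X+Y packing and the base-128 encoding of each stored integer. The function names and the `limit` parameter are assumptions made for this illustration.

```python
def _base128(n):
    """Encode a non-negative integer in base 128; high bit set means more bytes follow."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def encode_oid_body(dotted, limit=2**31):
    """Return the BER content octets (no tag or length) for a dotted OID string."""
    arcs = [int(p) for p in dotted.split(".")]
    if len(arcs) < 2 or any(a < 0 for a in arcs):
        raise ValueError("need at least two non-negative components")
    x, y = arcs[0], arcs[1]
    if x > 2:
        raise ValueError("first component must be 0, 1 or 2")
    if x < 2 and y >= 40:
        raise ValueError("second component must be < 40 when first is 0 or 1")
    # The first two components share one stored integer: 40X+Y.
    subids = [40 * x + y] + arcs[2:]
    # Portability check (hypothetical parameter): keep 40X+Y and every
    # other component below 2**31 for machine-integer implementations.
    if limit is not None and any(s >= limit for s in subids):
        raise ValueError("value too large for machine-integer implementations")
    return b"".join(_base128(s) for s in subids)


def decode_oid_body(data):
    """Inverse of encode_oid_body: split the first stored integer back into X.Y."""
    if not data or data[-1] & 0x80:
        raise ValueError("empty or truncated OID encoding")
    subids, cur = [], 0
    for b in data:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:          # last byte of this integer
            subids.append(cur)
            cur = 0
    first = subids[0]
    x = min(first // 40, 2)       # anything >= 80 belongs to X = 2
    y = first - 40 * x
    return ".".join(str(a) for a in [x, y] + subids[1:])
```

With X = 2 the second component is not limited to one byte: `2.999` is stored as the integer 1079, which takes two octets.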