[Date Prev][Date Next]
Re: Private OID range(s) ?
Le 2/26/12 3:48 PM, Hallvard B Furuseth a Ãcrit :
Emmanuel Lecharny <firstname.lastname@example.org> wrote:
For completness, the reason OIDs are starting with 0, 1 or 2 and
nothing else is that the two first numbers are encoded in one byte.
Using a higher value is not a good idea.
Not quite. Been reading _A Layman's Guide to a Subset of ASN.1, BER,
and DER_? It has some errors.
For the two first OID components X.Y, Y must be < 40 if X < 2, and
X must be <= 2. If X = 2, Y can be any nonnegative number.
That's because BER stores each OID component is stored as an integer,
except the two first components are stored as one integer 40X+Y.
It's a space optimization which the inventors later came to regret.
Also it's preferable to keep 40X+Y and each component < 2**31, in
case your OIDs meet some implementation which stores each component
as a machine integer.
LDAP itself does not use BER format for OIDs, it sends the text
format. Except in a few places like certificates.
I should have double checked my (6 years old) facts :)
Thanks Hallvard !