[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Private OID range(s) ?

Le 2/26/12 3:48 PM, Hallvard B Furuseth a Ãcrit :
Emmanuel Lecharny <elecharny@apache.org> wrote:
For completness, the reason OIDs are starting with 0, 1 or 2 and
nothing else is that the two first numbers are encoded in one byte.
Using a higher value is not a good idea.

Not quite.  Been reading _A Layman's Guide to a Subset of ASN.1, BER,
and DER_?  It has some errors.

For the two first OID components X.Y, Y must be < 40 if X < 2, and
X must be <= 2.  If X = 2, Y can be any nonnegative number.

That's because BER stores each OID component is stored as an integer,
except the two first components are stored as one integer 40X+Y.
It's a space optimization which the inventors later came to regret.

Also it's preferable to keep 40X+Y and each component < 2**31, in
case your OIDs meet some implementation which stores each component
as a machine integer.

LDAP itself does not use BER format for OIDs, it sends the text
format.  Except in a few places like certificates.
I should have double checked my (6 years old) facts :)

Thanks Hallvard !

Emmanuel LÃcharny