2.5.29.30 - Name Constraints

Submitted by j.onions at nexor.co.uk from host trident.nexor.co.uk (128.243.9.9) on Fri Mar 21 13:04:40 MET 1997 using a WWW entry form.

OID value: 2.5.29.30

OID description:
id-ce-nameConstraints

This extension which shall be used only in a CA-certificate, indicates a name space within which all subject names in subsequent certificates in a certification path must be located.

his extension may, at the option of the certificate issuer, be either critical or non-critical. It is recommended that it be flagged critical, otherwise a certificate user may not check that subsequent certificates in a certification path are located in the name space intended by the issuing CA.

If this extension is present and is flagged critical then a certificate-using system shall check that the certification path being processed is consistent with the value in this extension. 

nameConstraints EXTENSION ::= {
	SYNTAX NameConstraintsSyntax
	IDENTIFIED BY id-ce-nameConstraints
}

NameConstraintsSyntax ::= SEQUENCE {
	permittedSubtrees [0] GeneralSubtrees OPTIONAL,
	excludedSubtrees  [1] GeneralSubtrees OPTIONAL
}

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
	base GeneralName,
	minimum [0] BaseDistance DEFAULT 0,
	maximum [1] BaseDistance OPTIONAL
}

BaseDistance ::= INTEGER (0..MAX)

See also the OID Repository website reference for 2.5.29.30

Superior references

Search for text in all OIDs starting with 2.5.29.30:

Go to the top node if you need to search all entries.
Tell me about OIDs you know about
Incoming OIDs that have not been proofread yet
j.onions@nexor.co.uk
Entered: Fri Mar 21 13:04:40 MET 1997 (not changed manually)