[apple/security.git] / doc / Apple_OID_Assignments.rtf

{\rtf1\ansi\ansicpg1252\cocoartf949
{\fonttbl\f0\froman\fcharset0 TimesNewRomanPSMT;\f1\froman\fcharset0 Times-Roman;}
{\colortbl;\red255\green255\blue255;}
{\info
{\title Apple OID Assignments}
{\author Doug Mitchell}
{\*\company Apple Computer, Inc.}}\vieww20400\viewh17580\viewkind0
\deftab720
\pard\pardeftab720\qc\pardirnatural

\f0\fs24 \cf0 Apple OID Assignments\
Last Update 21 January 2008 by Richard Murphy\
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \

\b 1.0
\b0  apple ::=  \{ iso(1) member-body(2) US(840) 113635 \}\
-- 1 2 840 113635\
-- Top level Apple OID\
\
\pard\pardeftab720\li720\ql\qnatural\pardirnatural

\b \cf0 1.1 
\b0 appleDataSecurity ::= \{apple 100\}\
-- 1 2 840 113635 100\
-- Apple Data Security arc\
\
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural

\b \cf0 1.1.1 
\b0 appleTrustPolicy ::= \{appleDataSecurity 1\}\
-- 1 2 840 113635 100 1\
-- Apple Certificate Trust Policies\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 iSignTP ::= \{appleTrustPolicy 1\}\
-- 1 2 840 113635 100 1 1\
-- Apple iSign policy \
\
appleX509Basic ::= \{appleTrustPolicy 2\}\
-- 1 2 840 113635 100 1 2\
-- Apple Basic X.509 Cert Policy\
\
appleSSLPolicy ::= \{appleTrustPolicy 3\}\
-- 1 2 840 113635 100 1 3\
-- Apple SSL Cert Policy\
\
appleLocalCertGenPolicy ::= \{appleTrustPolicy 4\}\
-- 1 2 840 113635 100 1 4\
-- Apple Local Certificate Generation Policy\
\
appleCSRGenPolicy ::= \{appleTrustPolicy 5\}\
-- 1 2 840 113635 100 1 5\
-- Apple Local CSR Generation Policy\
\
appleCRLPolicy ::= \{appleTrustPolicy 6\}\
-- 1 2 840 113635 100 1 6\
-- Apple CRL Revocation Policy\
\
appleOCSPPolicy ::= \{appleTrustPolicy 7\}\
-- 1 2 840 113635 100 1 7\
-- Apple OCSP Revocation Policy\
\
appleSMIMEPolicy ::= \{appleTrustPolicy 8\}\
-- 1 2 840 113635 100 1 8\
-- Apple S/MIME Cert Policy\
\
appleEAPPolicy ::= \{appleTrustPolicy 9\}\
-- 1 2 840 113635 100 1 9\
-- Apple EAP Cert Policy\
\
appleSWUpdateSigningPolicy ::= \{appleTrustPolicy 10\}\
-- Note: this was renamed from appleCodeSigningPolicy on 8/15/06\
-- 1 2 840 113635 100 1 10\
-- Apple Software Update Signing Policy\
\
appleIPSecPolicy ::= \{appleTrustPolicy 11\}\
-- 1 2 840 113635 100 1 11\
-- Apple IPSec Cert Policy\
\
appleIChatPolicy ::= \{appleTrustPolicy 12\}\
-- 1 2 840 113635 100 1 12\
-- Apple iChat Cert Policy\
\
appleResourceSignPolicy ::= \{appleTrustPolicy 13\}\
-- 1 2 840 113635 100 1 13\
-- Apple Resource Sign Cert Policy\
\

\f1 applePKINITClientPolicy ::= \{appleTrustPolicy 14\}\
-- 1 2 840 113635 100 1 14\
-- Apple Kerberos PKINIT Client Cert Policy\
\
applePKINITServerPolicy ::= \{appleTrustPolicy 15\}\
-- 1 2 840 113635 100 1 15\
-- Apple Kerberos PKINIT Server Cert Policy\
\
appleCodeSigningPolicy ::= \{appleTrustPolicy 16\}\
-- 1 2 840 113635 100 1 16\
-- Apple Code Signing Policy\
\
applePackageSigningPolicy ::= \{appleTrustPolicy 17\}\
-- 1 2 840 113635 100 1 17\
-- Apple Package Signing Policy\
\

\f0 \
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural

\b \cf0 1.1.2 
\b0 appleSecurityAlgorithm ::=  \{appleDataSecurity 2\}\
-- 1 2 840 113635 100 2\
-- Apple Security Algorithms\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleFEE ::= \{ appleSecurityAlgorithm 1\}\
-- 1 2 840 113635 100 2 1\
-- Apple Fast Elliptic Encryption\
\
appleASC ::= \{ appleSecurityAlgorithm 2\}\
-- 1 2 840 113635 100 2 2\
-- Apple Secure Compression\
\
appleFEE_MD5 ::= \{ appleSecurityAlgorithm 3\}\
-- 1 2 840 113635 100 2 3\
-- Apple FEE with MD5 signature\
\
appleFEE_SHA1::= \{ appleSecurityAlgorithm 4\}\
-- 1 2 840 113635 100 2 4\
-- Apple FEE with MSHA1D5 signature\
\
appleFEED ::= \{ appleSecurityAlgorithm 5\}\
-- 1 2 840 113635 100 2 5\
-- Apple FEE with direct embedding\
\
appleFEEDEXP ::= \{ appleSecurityAlgorithm 6\}\
-- 1 2 840 113635 100 2 6\
-- Apple FEE with direct embedding, experimental\
\
appleECDSA ::= \{ appleSecurityAlgorithm 7\}\
-- 1 2 840 113635 100 2 7\
-- Apple FEE/ECDSA signature\
\
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural

\b \cf0 1.1.3 
\b0 appleDotMacCertificate ::=  \{appleDataSecurity 3\}\
-- 1 2 840 113635 100 3\
-- Apple .mac certificate arc\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural

\b \cf0 1.1.3.1
\b0  dotMacCertificateRequest ::= \{ appleDotMacCertificate 1\}\
-- 1 2 840 113635 100 3 1\
-- Apple .mac certificate request arc\
\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 dotMacCertReqIdentity ::= \{ dotMacCertificateRequest 1\}\
-- 1 2 840 113635 100 3 1 1\
-- Apple .mac Identity certificate request \
-- Actually Used for encrypted iChat certs; deprecated in Leopard\
\
dotMacCertReqEmailSign ::= \{ dotMacCertificateRequest 2\}\
-- 1 2 840 113635 100 3 1 2\
-- Apple .mac Email Signing certificate request \
\
dotMacCertReqEmailEncrypt ::= \{ dotMacCertificateRequest 3\}\
-- 1 2 840 113635 100 3 1 3\
-- Apple .mac Email Encryption certificate request \
\
dotMacCertReqArchiveList ::= \{ dotMacCertificateRequest 4\}\
-- 1 2 840 113635 100 3 1 4\
-- Apple .mac archive list request \
\
dotMacCertReqArchiveStore ::= \{ dotMacCertificateRequest 5\}\
-- 1 2 840 113635 100 3 1 5\
-- Apple .mac archive store request \
\
dotMacCertReqArchiveFetch ::= \{ dotMacCertificateRequest 6\}\
-- 1 2 840 113635 100 3 1 6\
-- Apple .mac archive fetch request \
\
dotMacCertReqArchiveRemove ::= \{ dotMacCertificateRequest 7\}\
-- 1 2 840 113635 100 3 1 7\
-- Apple .mac archive remove request \
\
dotMacCertReqSign ::= \{ dotMacCertificateRequest 8\}\
-- 1 2 840 113635 100 3 1 8\
-- Apple .mac signing certificate request \
\
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural

\b \cf0 1.1.3.2
\b0  dotMacCertificateExtension ::= \{ appleDotMacCertificate 2\}\
-- 1 2 840 113635 100 3 2\
-- Apple .mac certificate extension arc\
\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 dotMacCertExtensionIdentity ::= \{ dotMacCertificateExtension 1\}\
-- 1 2 840 113635 100 3 2 1\
-- Apple .mac certificate extended key use: Identity\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 dotMacCertExtensionEmailSign ::= \{ dotMacCertificateExtension 2\}\
-- 1 2 840 113635 100 3 2 2\
-- Apple .mac certificate extended key use: Email Signing\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 dotMacCertExtensionEmailEncrypt ::= \{ dotMacCertificateExtension 3\}\
-- 1 2 840 113635 100 3 2 3\
-- Apple .mac certificate extended key use: Email Encrypt\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural

\b \cf0 1.1.3.3 
\b0 dotMacCertificateRequestValues ::= \{ appleDotMacCertificate 3\}\
-- 1 2 840 113635 100 3 3\
-- Apple .mac certificate request parameter arc\
\
	dotMacCertRequestValueUserName ::= \{ dotMacCertificateRequestValues 1\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 1\
-- Apple .mac certificate request parameter: userName\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 	dotMacCertRequestValuePasssword ::= \{ dotMacCertificateRequestValues 2\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 2\
-- Apple .mac certificate request parameter: password\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueHostName ::= \{ dotMacCertificateRequestValues 3\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 3\
-- Apple .mac certificate request parameter: hostName\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueRenew ::= \{ dotMacCertificateRequestValues 4\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 4\
-- Apple .mac certificate request parameter: Renew flag\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueAsync ::= \{ dotMacCertificateRequestValues 5\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 5\
-- Apple .mac certificate request parameter: asynchronous flag\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueIsPending ::= \{ dotMacCertificateRequestValues 6\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 6\
-- Apple .mac certificate request parameter: poll server for pending request\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueTypeIChat ::= \{ dotMacCertificateRequestValues 7\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 7\
-- Apple .mac certificate request parameter: cert type = iChat\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueTypeSharedServices ::= \
\pard\pardeftab720\li3600\fi720\ql\qnatural\pardirnatural
\cf0 \{ dotMacCertificateRequestValues 8\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 8\
-- Apple .mac certificate request parameter: cert type = Shared Services\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueTypeEmailEncrypt ::= \
\pard\pardeftab720\li3600\fi720\ql\qnatural\pardirnatural
\cf0 \{ dotMacCertificateRequestValues 9\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 9\
-- Apple .mac certificate request parameter: cert type = Email Encryption\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
	dotMacCertRequestValueTypeEmailSigning ::= \
\pard\pardeftab720\li3600\fi720\ql\qnatural\pardirnatural
\cf0 \{ dotMacCertificateRequestValues 10\}\
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 -- 1 2 840 113635 100 3 3 10\
-- Apple .mac certificate request parameter: cert type = Email Signing\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
\cf0 \

\b 1.1.4 
\b0 appleExtendedKeyUsage ::= \{appleDataSecurity 4\}\
-- 1 2 840 113635 100 4\
-- Apple Extended Key Usage arc\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleCodeSigning ::= \{ appleExtendedKeyUsage 1\}\
-- 1 2 840 113635 100 4 1\
-- Apple Code Signing Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCodeSigningDevelopment ::= \{ appleCodeSigning 1\}\
-- 1 2 840 113635 100 4 1 1\
-- Apple Code Signing Extended Key Usage, Development \
\
appleSoftwareUpdateSigning ::= \{ appleCodeSigning 2\}\
-- 1 2 840 113635 100 4 1 2\
-- Apple Software Update Signing Extended Key Usage\
\
appleCodeSigningThirdParty ::= \{ appleCodeSigning 3\}\
-- 1 2 840 113635 100 4 1 3\
-- Apple Third-Party Code Signing Extended Key Usage\
\
appleResourceSigning ::= \{ appleCodeSigning 4\}\
-- 1 2 840 113635 100 4 1 4\
-- Apple Resource Signing Extended Key Usage\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleIChatSigning ::= \{ appleExtendedKeyUsage 2\}\
-- 1 2 840 113635 100 4 2\
-- Apple iChat Signing Extended Key Usage \
\
appleIChatEncryption ::= \{ appleExtendedKeyUsage 3\}\
-- 1 2 840 113635 100 4 3\
-- Apple iChat Encryption Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleSystemIdentity ::= \{ appleExtendedKeyUsage 4\}\
-- 1 2 840 113635 100 4 4\
-- Apple System Identity Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleCryptoEnv ::= \{ appleExtendedKeyUsage 5\}\
-- 1 2 840 113635 100 4 5\
-- Apple Encryption Environment Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoProductionEnv ::= \{ appleCryptoEnv 1\}\
-- 1 2 840 113635 100 4 5 1\
-- Apple Encryption Production Environment Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoMaintenanceEnv ::= \{ appleCryptoEnv 2\}\
-- 1 2 840 113635 100 4 5 2\
-- Apple Encryption Maintenance Environment Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoTestEnv ::= \{ appleCryptoEnv 3\}\
-- 1 2 840 113635 100 4 5 3\
-- Apple Encryption Test Environment Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoDevelopmentEnv ::= \{ appleCryptoEnv 4\}\
-- 1 2 840 113635 100 4 5 4\
-- Apple Encryption Development Environment Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleCryptoQoS ::= \{ appleExtendedKeyUsage 6\}\
-- 1 2 840 113635 100 4 6\
-- Apple Encryption Quality of Service Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 1\}\
-- 1 2 840 113635 100 4 6 1\
-- Apple Encryption Tier 0 Quality of Service Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 2\}\
-- 1 2 840 113635 100 4 6 2\
-- Apple Encryption Tier 1 Quality of Service Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 3\}\
-- 1 2 840 113635 100 4 6 3\
-- Apple Encryption Tier 2 Quality of Service Extended Key Usage \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 4\}\
-- 1 2 840 113635 100 4 6 4\
-- Apple Encryption Tier 3 Quality of Service Extended Key Usage \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural

\b \cf0 1.1.5 
\b0 appleCertificatePolicies ::= \{appleDataSecurity 5\}\
-- 1 2 840 113635 100 5\
-- Apple Certificate Policies arc\
\
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleCertificatePolicyID ::= \{ appleCertificatePolicies 1\}\
-- 1 2 840 113635 100 5 1\
-- Apple Certificate Policy \
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
\cf0 appleDotMacCertificatePolicyID ::= \{ appleCertificatePolicies 2\}\
-- 1 2 840 113635 100 5 2\
-- Apple .Mac certificate policy ID\
\
appleADCCertificatePolicyID ::= \{ appleCertificatePolicies 3\}\
-- 1 2 840 113635 100 5 3\
-- ADC Certificate Policy\
\
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural

\b \cf0 1.1.6 
\b0 appleCertificateExtensions ::= \{appleDataSecurity 6\}\
-- 1 2 840 113635 100 6\
-- Apple Certificate Extensions arc\
\
	appleCertificateExtensionCodeSigning ::= \{ appleCertificateExtensions 1 \}\
	-- 1 2 840 113635 100 6 1\
	-- Apple Code Signature\
\
		appleCertificateExtensionAppleSigning ::= \{ appleCertificateExtensionCodeSigning 1 \}\
		-- 1 2 840 113635 100 6 1 1\
		-- Apple Released Code Signature\
\
		appleCertificateExtensionADCDeveloperSigning ::= \{ appleCertificateExtensionCodeSigning 2 \}\
		-- 1 2 840 113635 100 6 1 2\
		-- Apple Developer Connection Issued Certificates for Code Signing\
\
		appleCertificateExtensionADCAppleSigning ::= \{ appleCertificateExtensionCodeSigning 3 \}\
		-- 1 2 840 113635 100 6 1 3\
		-- Apple Developer Connection Apple Certificates for Code Signing\
\
\
\pard\pardeftab720\ql\qnatural\pardirnatural
\cf0 \
\
\
\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
\cf0 \
\pard\pardeftab720\ql\qnatural\pardirnatural

\b \cf0 \ul \ulc0 Revision History\
\ulnone \
\ul    Date   \ulnone 	\ul Change    \

\b0 \ulnone 01/21/08	Added Code Signing Critical Certificate Extensions\
04/04/07	Added appleCryptoEnv and appleCryptoQoS ExtendedKeyUse trees
\b \

\b0 09/14/06	Added dotMacCertReqEncryptedIChat, dotMacCertReqCollaboration\
08/16/06	Changes AppleCodeSigningPolicy to appleSWUpdateSigningPolicy\
		Added (new) AppleCodeSigningPolicy\
		Added 
\f1 applePackageSigningPolicy
\f0 \
01/28/05	Added appleCertificatePolicies arc  \
		Moved dotMacCertPolicyID to appleCertificatePolicies arc\
01/25/05	Added dotMacCertPolicyID\
}
Commit	Line	Data
a1cb744e A	1	{\rtf1\ansi\ansicpg1252\cocoartf949
	2	{\fonttbl\f0\froman\fcharset0 TimesNewRomanPSMT;\f1\froman\fcharset0 Times-Roman;}
	3	{\colortbl;\red255\green255\blue255;}
	4	{\info
	5	{\title Apple OID Assignments}
	6	{\author Doug Mitchell}
	7	{\*\company Apple Computer, Inc.}}\vieww20400\viewh17580\viewkind0
	8	\deftab720
	9	\pard\pardeftab720\qc\pardirnatural
	10
	11	\f0\fs24 \cf0 Apple OID Assignments\
	12	Last Update 21 January 2008 by Richard Murphy\
	13	\pard\pardeftab720\ql\qnatural\pardirnatural
	14	\cf0 \
	15
	16	\b 1.0
	17	\b0 apple ::= \{ iso(1) member-body(2) US(840) 113635 \}\
	18	-- 1 2 840 113635\
	19	-- Top level Apple OID\
	20	\
	21	\pard\pardeftab720\li720\ql\qnatural\pardirnatural
	22
	23	\b \cf0 1.1
	24	\b0 appleDataSecurity ::= \{apple 100\}\
	25	-- 1 2 840 113635 100\
	26	-- Apple Data Security arc\
	27	\
	28	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
	29
	30	\b \cf0 1.1.1
	31	\b0 appleTrustPolicy ::= \{appleDataSecurity 1\}\
	32	-- 1 2 840 113635 100 1\
	33	-- Apple Certificate Trust Policies\
	34	\
	35	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
	36	\cf0 iSignTP ::= \{appleTrustPolicy 1\}\
	37	-- 1 2 840 113635 100 1 1\
	38	-- Apple iSign policy \
	39	\
	40	appleX509Basic ::= \{appleTrustPolicy 2\}\
	41	-- 1 2 840 113635 100 1 2\
	42	-- Apple Basic X.509 Cert Policy\
	43	\
	44	appleSSLPolicy ::= \{appleTrustPolicy 3\}\
	45	-- 1 2 840 113635 100 1 3\
	46	-- Apple SSL Cert Policy\
	47	\
	48	appleLocalCertGenPolicy ::= \{appleTrustPolicy 4\}\
	49	-- 1 2 840 113635 100 1 4\
	50	-- Apple Local Certificate Generation Policy\
	51	\
	52	appleCSRGenPolicy ::= \{appleTrustPolicy 5\}\
	53	-- 1 2 840 113635 100 1 5\
	54	-- Apple Local CSR Generation Policy\
	55	\
	56	appleCRLPolicy ::= \{appleTrustPolicy 6\}\
	57	-- 1 2 840 113635 100 1 6\
	58	-- Apple CRL Revocation Policy\
	59	\
	60	appleOCSPPolicy ::= \{appleTrustPolicy 7\}\
	61	-- 1 2 840 113635 100 1 7\
	62	-- Apple OCSP Revocation Policy\
	63	\
	64	appleSMIMEPolicy ::= \{appleTrustPolicy 8\}\
65	-- 1 2 840 113635 100 1 8\
66	-- Apple S/MIME Cert Policy\
67	\
68	appleEAPPolicy ::= \{appleTrustPolicy 9\}\
69	-- 1 2 840 113635 100 1 9\
70	-- Apple EAP Cert Policy\
71	\
72	appleSWUpdateSigningPolicy ::= \{appleTrustPolicy 10\}\
73	-- Note: this was renamed from appleCodeSigningPolicy on 8/15/06\
74	-- 1 2 840 113635 100 1 10\
75	-- Apple Software Update Signing Policy\
76	\
77	appleIPSecPolicy ::= \{appleTrustPolicy 11\}\
78	-- 1 2 840 113635 100 1 11\
79	-- Apple IPSec Cert Policy\
80	\
81	appleIChatPolicy ::= \{appleTrustPolicy 12\}\
82	-- 1 2 840 113635 100 1 12\
83	-- Apple iChat Cert Policy\
84	\
85	appleResourceSignPolicy ::= \{appleTrustPolicy 13\}\
86	-- 1 2 840 113635 100 1 13\
87	-- Apple Resource Sign Cert Policy\
88	\
89
90	\f1 applePKINITClientPolicy ::= \{appleTrustPolicy 14\}\
91	-- 1 2 840 113635 100 1 14\
92	-- Apple Kerberos PKINIT Client Cert Policy\
93	\
94	applePKINITServerPolicy ::= \{appleTrustPolicy 15\}\
95	-- 1 2 840 113635 100 1 15\
96	-- Apple Kerberos PKINIT Server Cert Policy\
97	\
98	appleCodeSigningPolicy ::= \{appleTrustPolicy 16\}\
99	-- 1 2 840 113635 100 1 16\
100	-- Apple Code Signing Policy\
101	\
102	applePackageSigningPolicy ::= \{appleTrustPolicy 17\}\
103	-- 1 2 840 113635 100 1 17\
104	-- Apple Package Signing Policy\
105	\
106
107	\f0 \
108	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
109
110	\b \cf0 1.1.2
111	\b0 appleSecurityAlgorithm ::= \{appleDataSecurity 2\}\
112	-- 1 2 840 113635 100 2\
113	-- Apple Security Algorithms\
114	\
115	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
116	\cf0 appleFEE ::= \{ appleSecurityAlgorithm 1\}\
117	-- 1 2 840 113635 100 2 1\
118	-- Apple Fast Elliptic Encryption\
119	\
120	appleASC ::= \{ appleSecurityAlgorithm 2\}\
121	-- 1 2 840 113635 100 2 2\
122	-- Apple Secure Compression\
123	\
124	appleFEE_MD5 ::= \{ appleSecurityAlgorithm 3\}\
125	-- 1 2 840 113635 100 2 3\
126	-- Apple FEE with MD5 signature\
127	\
128	appleFEE_SHA1::= \{ appleSecurityAlgorithm 4\}\
129	-- 1 2 840 113635 100 2 4\
130	-- Apple FEE with MSHA1D5 signature\
131	\
132	appleFEED ::= \{ appleSecurityAlgorithm 5\}\
133	-- 1 2 840 113635 100 2 5\
134	-- Apple FEE with direct embedding\
135	\
136	appleFEEDEXP ::= \{ appleSecurityAlgorithm 6\}\
137	-- 1 2 840 113635 100 2 6\
138	-- Apple FEE with direct embedding, experimental\
139	\
140	appleECDSA ::= \{ appleSecurityAlgorithm 7\}\
141	-- 1 2 840 113635 100 2 7\
142	-- Apple FEE/ECDSA signature\
143	\
144	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
145
146	\b \cf0 1.1.3
147	\b0 appleDotMacCertificate ::= \{appleDataSecurity 3\}\
148	-- 1 2 840 113635 100 3\
149	-- Apple .mac certificate arc\
150	\
151	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
152
153	\b \cf0 1.1.3.1
154	\b0 dotMacCertificateRequest ::= \{ appleDotMacCertificate 1\}\
155	-- 1 2 840 113635 100 3 1\
156	-- Apple .mac certificate request arc\
157	\
158	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
159	\cf0 dotMacCertReqIdentity ::= \{ dotMacCertificateRequest 1\}\
160	-- 1 2 840 113635 100 3 1 1\
161	-- Apple .mac Identity certificate request \
162	-- Actually Used for encrypted iChat certs; deprecated in Leopard\
163	\
164	dotMacCertReqEmailSign ::= \{ dotMacCertificateRequest 2\}\
165	-- 1 2 840 113635 100 3 1 2\
166	-- Apple .mac Email Signing certificate request \
167	\
168	dotMacCertReqEmailEncrypt ::= \{ dotMacCertificateRequest 3\}\
169	-- 1 2 840 113635 100 3 1 3\
170	-- Apple .mac Email Encryption certificate request \
171	\
172	dotMacCertReqArchiveList ::= \{ dotMacCertificateRequest 4\}\
173	-- 1 2 840 113635 100 3 1 4\
174	-- Apple .mac archive list request \
175	\
176	dotMacCertReqArchiveStore ::= \{ dotMacCertificateRequest 5\}\
177	-- 1 2 840 113635 100 3 1 5\
178	-- Apple .mac archive store request \
179	\
180	dotMacCertReqArchiveFetch ::= \{ dotMacCertificateRequest 6\}\
181	-- 1 2 840 113635 100 3 1 6\
182	-- Apple .mac archive fetch request \
183	\
184	dotMacCertReqArchiveRemove ::= \{ dotMacCertificateRequest 7\}\
185	-- 1 2 840 113635 100 3 1 7\
186	-- Apple .mac archive remove request \
187	\
188	dotMacCertReqSign ::= \{ dotMacCertificateRequest 8\}\
189	-- 1 2 840 113635 100 3 1 8\
190	-- Apple .mac signing certificate request \
191	\
192	\pard\pardeftab720\ql\qnatural\pardirnatural
193	\cf0 \
194	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
195
196	\b \cf0 1.1.3.2
197	\b0 dotMacCertificateExtension ::= \{ appleDotMacCertificate 2\}\
198	-- 1 2 840 113635 100 3 2\
199	-- Apple .mac certificate extension arc\
200	\
201	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
202	\cf0 dotMacCertExtensionIdentity ::= \{ dotMacCertificateExtension 1\}\
203	-- 1 2 840 113635 100 3 2 1\
204	-- Apple .mac certificate extended key use: Identity\
205	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
206	\cf0 \
207	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
208	\cf0 dotMacCertExtensionEmailSign ::= \{ dotMacCertificateExtension 2\}\
209	-- 1 2 840 113635 100 3 2 2\
210	-- Apple .mac certificate extended key use: Email Signing\
211	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
212	\cf0 \
213	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
214	\cf0 dotMacCertExtensionEmailEncrypt ::= \{ dotMacCertificateExtension 3\}\
215	-- 1 2 840 113635 100 3 2 3\
216	-- Apple .mac certificate extended key use: Email Encrypt\
217	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
218	\cf0 \
219	\pard\pardeftab720\ql\qnatural\pardirnatural
220	\cf0 \
221	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
222
223	\b \cf0 1.1.3.3
224	\b0 dotMacCertificateRequestValues ::= \{ appleDotMacCertificate 3\}\
225	-- 1 2 840 113635 100 3 3\
226	-- Apple .mac certificate request parameter arc\
227	\
228	dotMacCertRequestValueUserName ::= \{ dotMacCertificateRequestValues 1\}\
229	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
230	\cf0 -- 1 2 840 113635 100 3 3 1\
231	-- Apple .mac certificate request parameter: userName\
232	\
233	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
234	\cf0 dotMacCertRequestValuePasssword ::= \{ dotMacCertificateRequestValues 2\}\
235	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
236	\cf0 -- 1 2 840 113635 100 3 3 2\
237	-- Apple .mac certificate request parameter: password\
238	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
239	\cf0 \
240	dotMacCertRequestValueHostName ::= \{ dotMacCertificateRequestValues 3\}\
241	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
242	\cf0 -- 1 2 840 113635 100 3 3 3\
243	-- Apple .mac certificate request parameter: hostName\
244	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
245	\cf0 \
246	dotMacCertRequestValueRenew ::= \{ dotMacCertificateRequestValues 4\}\
247	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
248	\cf0 -- 1 2 840 113635 100 3 3 4\
249	-- Apple .mac certificate request parameter: Renew flag\
250	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
251	\cf0 \
252	dotMacCertRequestValueAsync ::= \{ dotMacCertificateRequestValues 5\}\
253	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
254	\cf0 -- 1 2 840 113635 100 3 3 5\
255	-- Apple .mac certificate request parameter: asynchronous flag\
256	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
257	\cf0 \
258	dotMacCertRequestValueIsPending ::= \{ dotMacCertificateRequestValues 6\}\
259	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
260	\cf0 -- 1 2 840 113635 100 3 3 6\
261	-- Apple .mac certificate request parameter: poll server for pending request\
262	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
263	\cf0 \
264	dotMacCertRequestValueTypeIChat ::= \{ dotMacCertificateRequestValues 7\}\
265	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
266	\cf0 -- 1 2 840 113635 100 3 3 7\
267	-- Apple .mac certificate request parameter: cert type = iChat\
268	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
269	\cf0 \
270	dotMacCertRequestValueTypeSharedServices ::= \
271	\pard\pardeftab720\li3600\fi720\ql\qnatural\pardirnatural
272	\cf0 \{ dotMacCertificateRequestValues 8\}\
273	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
274	\cf0 -- 1 2 840 113635 100 3 3 8\
275	-- Apple .mac certificate request parameter: cert type = Shared Services\
276	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
277	\cf0 \
278	dotMacCertRequestValueTypeEmailEncrypt ::= \
279	\pard\pardeftab720\li3600\fi720\ql\qnatural\pardirnatural
280	\cf0 \{ dotMacCertificateRequestValues 9\}\
281	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
282	\cf0 -- 1 2 840 113635 100 3 3 9\
283	-- Apple .mac certificate request parameter: cert type = Email Encryption\
284	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
285	\cf0 \
286	dotMacCertRequestValueTypeEmailSigning ::= \
287	\pard\pardeftab720\li3600\fi720\ql\qnatural\pardirnatural
288	\cf0 \{ dotMacCertificateRequestValues 10\}\
289	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
290	\cf0 -- 1 2 840 113635 100 3 3 10\
291	-- Apple .mac certificate request parameter: cert type = Email Signing\
292	\
293	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
294	\cf0 \
295	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
296	\cf0 \
297
298	\b 1.1.4
299	\b0 appleExtendedKeyUsage ::= \{appleDataSecurity 4\}\
300	-- 1 2 840 113635 100 4\
301	-- Apple Extended Key Usage arc\
302	\
303	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
304	\cf0 appleCodeSigning ::= \{ appleExtendedKeyUsage 1\}\
305	-- 1 2 840 113635 100 4 1\
306	-- Apple Code Signing Extended Key Usage \
307	\pard\pardeftab720\ql\qnatural\pardirnatural
308	\cf0 \
309	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
310	\cf0 appleCodeSigningDevelopment ::= \{ appleCodeSigning 1\}\
311	-- 1 2 840 113635 100 4 1 1\
312	-- Apple Code Signing Extended Key Usage, Development \
313	\
314	appleSoftwareUpdateSigning ::= \{ appleCodeSigning 2\}\
315	-- 1 2 840 113635 100 4 1 2\
316	-- Apple Software Update Signing Extended Key Usage\
317	\
318	appleCodeSigningThirdParty ::= \{ appleCodeSigning 3\}\
319	-- 1 2 840 113635 100 4 1 3\
320	-- Apple Third-Party Code Signing Extended Key Usage\
321	\
322	appleResourceSigning ::= \{ appleCodeSigning 4\}\
323	-- 1 2 840 113635 100 4 1 4\
324	-- Apple Resource Signing Extended Key Usage\
325	\
326	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
327	\cf0 appleIChatSigning ::= \{ appleExtendedKeyUsage 2\}\
328	-- 1 2 840 113635 100 4 2\
329	-- Apple iChat Signing Extended Key Usage \
330	\
331	appleIChatEncryption ::= \{ appleExtendedKeyUsage 3\}\
332	-- 1 2 840 113635 100 4 3\
333	-- Apple iChat Encryption Extended Key Usage \
334	\pard\pardeftab720\ql\qnatural\pardirnatural
335	\cf0 \
336	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
337	\cf0 appleSystemIdentity ::= \{ appleExtendedKeyUsage 4\}\
338	-- 1 2 840 113635 100 4 4\
339	-- Apple System Identity Extended Key Usage \
340	\pard\pardeftab720\ql\qnatural\pardirnatural
341	\cf0 \
342	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
343	\cf0 appleCryptoEnv ::= \{ appleExtendedKeyUsage 5\}\
344	-- 1 2 840 113635 100 4 5\
345	-- Apple Encryption Environment Extended Key Usage \
346	\pard\pardeftab720\ql\qnatural\pardirnatural
347	\cf0 \
348	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
349	\cf0 appleCryptoProductionEnv ::= \{ appleCryptoEnv 1\}\
350	-- 1 2 840 113635 100 4 5 1\
351	-- Apple Encryption Production Environment Extended Key Usage \
352	\pard\pardeftab720\ql\qnatural\pardirnatural
353	\cf0 \
354	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
355	\cf0 appleCryptoMaintenanceEnv ::= \{ appleCryptoEnv 2\}\
356	-- 1 2 840 113635 100 4 5 2\
357	-- Apple Encryption Maintenance Environment Extended Key Usage \
358	\pard\pardeftab720\ql\qnatural\pardirnatural
359	\cf0 \
360	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
361	\cf0 appleCryptoTestEnv ::= \{ appleCryptoEnv 3\}\
362	-- 1 2 840 113635 100 4 5 3\
363	-- Apple Encryption Test Environment Extended Key Usage \
364	\pard\pardeftab720\ql\qnatural\pardirnatural
365	\cf0 \
366	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
367	\cf0 appleCryptoDevelopmentEnv ::= \{ appleCryptoEnv 4\}\
368	-- 1 2 840 113635 100 4 5 4\
369	-- Apple Encryption Development Environment Extended Key Usage \
370	\pard\pardeftab720\ql\qnatural\pardirnatural
371	\cf0 \
372	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
373	\cf0 appleCryptoQoS ::= \{ appleExtendedKeyUsage 6\}\
374	-- 1 2 840 113635 100 4 6\
375	-- Apple Encryption Quality of Service Extended Key Usage \
376	\pard\pardeftab720\ql\qnatural\pardirnatural
377	\cf0 \
378	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
379	\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 1\}\
380	-- 1 2 840 113635 100 4 6 1\
381	-- Apple Encryption Tier 0 Quality of Service Extended Key Usage \
382	\pard\pardeftab720\ql\qnatural\pardirnatural
383	\cf0 \
384	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
385	\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 2\}\
386	-- 1 2 840 113635 100 4 6 2\
387	-- Apple Encryption Tier 1 Quality of Service Extended Key Usage \
388	\pard\pardeftab720\ql\qnatural\pardirnatural
389	\cf0 \
390	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
391	\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 3\}\
392	-- 1 2 840 113635 100 4 6 3\
393	-- Apple Encryption Tier 2 Quality of Service Extended Key Usage \
394	\pard\pardeftab720\ql\qnatural\pardirnatural
395	\cf0 \
396	\pard\pardeftab720\li2880\ql\qnatural\pardirnatural
397	\cf0 appleCryptoTier0QoS ::= \{ appleCryptoQoS 4\}\
398	-- 1 2 840 113635 100 4 6 4\
399	-- Apple Encryption Tier 3 Quality of Service Extended Key Usage \
400	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
401	\cf0 \
402	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
403
404	\b \cf0 1.1.5
405	\b0 appleCertificatePolicies ::= \{appleDataSecurity 5\}\
406	-- 1 2 840 113635 100 5\
407	-- Apple Certificate Policies arc\
408	\
409	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
410	\cf0 appleCertificatePolicyID ::= \{ appleCertificatePolicies 1\}\
411	-- 1 2 840 113635 100 5 1\
412	-- Apple Certificate Policy \
413	\pard\pardeftab720\ql\qnatural\pardirnatural
414	\cf0 \
415	\pard\pardeftab720\li2160\ql\qnatural\pardirnatural
416	\cf0 appleDotMacCertificatePolicyID ::= \{ appleCertificatePolicies 2\}\
417	-- 1 2 840 113635 100 5 2\
418	-- Apple .Mac certificate policy ID\
419	\
420	appleADCCertificatePolicyID ::= \{ appleCertificatePolicies 3\}\
421	-- 1 2 840 113635 100 5 3\
422	-- ADC Certificate Policy\
423	\
424	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
425
426	\b \cf0 1.1.6
427	\b0 appleCertificateExtensions ::= \{appleDataSecurity 6\}\
428	-- 1 2 840 113635 100 6\
429	-- Apple Certificate Extensions arc\
430	\
431	appleCertificateExtensionCodeSigning ::= \{ appleCertificateExtensions 1 \}\
432	-- 1 2 840 113635 100 6 1\
433	-- Apple Code Signature\
434	\
435	appleCertificateExtensionAppleSigning ::= \{ appleCertificateExtensionCodeSigning 1 \}\
436	-- 1 2 840 113635 100 6 1 1\
437	-- Apple Released Code Signature\
438	\
439	appleCertificateExtensionADCDeveloperSigning ::= \{ appleCertificateExtensionCodeSigning 2 \}\
440	-- 1 2 840 113635 100 6 1 2\
441	-- Apple Developer Connection Issued Certificates for Code Signing\
442	\
443	appleCertificateExtensionADCAppleSigning ::= \{ appleCertificateExtensionCodeSigning 3 \}\
444	-- 1 2 840 113635 100 6 1 3\
445	-- Apple Developer Connection Apple Certificates for Code Signing\
446	\
447	\
448	\pard\pardeftab720\ql\qnatural\pardirnatural
449	\cf0 \
450	\
451	\
452	\pard\pardeftab720\li1440\ql\qnatural\pardirnatural
453	\cf0 \
454	\pard\pardeftab720\ql\qnatural\pardirnatural
455
456	\b \cf0 \ul \ulc0 Revision History\
457	\ulnone \
458	\ul Date \ulnone \ul Change \
459
460	\b0 \ulnone 01/21/08 Added Code Signing Critical Certificate Extensions\
461	04/04/07 Added appleCryptoEnv and appleCryptoQoS ExtendedKeyUse trees
462	\b \
463
464	\b0 09/14/06 Added dotMacCertReqEncryptedIChat, dotMacCertReqCollaboration\
465	08/16/06 Changes AppleCodeSigningPolicy to appleSWUpdateSigningPolicy\
466	Added (new) AppleCodeSigningPolicy\
467	Added
468	\f1 applePackageSigningPolicy
469	\f0 \
470	01/28/05 Added appleCertificatePolicies arc \
471	Moved dotMacCertPolicyID to appleCertificatePolicies arc\
472	01/25/05 Added dotMacCertPolicyID\
473	}