Note that to apply for an OID, you have to be one of the players ISO
recognizes (i.e. MD5 = 1.2.840.113549.2.5 meaning:
ISO.Member_body.US.RSADSI.PKCS#2.MD5 If IETF, IMC, or Network Associates
desires to use ASN1 OIDs, I think it would be useful for them to get an OID
for their company or organization (or add one just for OpenPGP) so they will
be recognized in the hierarchy. Then we can drop in the extra algorithms
under that number.
It's possible for anyone to issue OIDs with a bit of trickery. If it's really
necessary to have an OID for Haval and whatnot I could issue one, but I'd
prefer to try and avoid the currently problem of there being 20 different OID's
for each algorithm - there are a few European initiatives who are assigning
OID's for some of the newer algorithms, the Teletrust project has them for
RIPEMD up to 256 (which I didn't know existed except outside a proposal in the
RIPEMD-128/160 paper), there may be Haval OIDs somewhere as well.
I've been waiting, and asking around, for about a year now for ripemd160WithXXX
OID's, if these don't appear from another source I'll issue them myself,
provided someone actually uses them - if PGP were to go with them I'd be quite
happy to issue OID's for whatever you need (there are already xxxWithElgamal
and elgamalEncryption OID's defined), I just don't want to end up polluting the
OIDspace with another set of unused values.
For an online guide to object IDs (from someone active in the IETF) see
http://www.alvestrand.no/objectid
I've found it rather hard to find things on that site because of the amount of
data there, for a list speficically of crypto-related OID's, have a look at
dumpasn1, http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.{c|cfg} (the cfg file
has the OIDs).
Peter.