The ITU Service Rich refers to is the TELEDOC Auto-Answer
Mailbox (TAM), I put a Users Guide up for anonymous FTP on
osi.ncsl.nist.gov (129.6.48.100) in
pub/oiw/dssig/CCITT-TeledocUserGuide.txt
Last I checked neither the X.500 nor F.500 docs were
there, but that may have changed. Certainly the 1993
recommendations will be a while in coming.
The Certificate format has changed slightly since the
DIS text Rich quotes, and in the ways he suggested.
The relevant productions follow:
__________________________________
From ISO/IEC 9594-8 (1993 E), with one typo corrected:
Certificate ::= SIGNED { SEQUENCE {
version [0] Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- if present, version must be v2
subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL
-- if present, version must be v2 -- }}
Version ::= INTEGER { v1(0), v2(1) }
CertificateSerialNumber ::= INTEGER
AlgorithmIdentifier ::= SEQUENCE {
algorithm ALGORITHM.&id ({SupportedAlgorithms}),
parameters ALGORITHM.&Type ({SupportedAlgorithms}{
@algorithm}) OPTIONAL }
-- Definition of the following information object set is deferred, perhaps
to standardized
-- profiles or to protocol implementation conformance statements. The set
is required to
-- specify a table constraint on the parameters component of
AlgorithmIdentifier.
-- SupportedAlgorithms ALGORITHM ::= { ... | ... }
__________________________________
From ISO/IEC 9594-6 (1993 E):
uniqueIdentifier ATTRIBUTE ::= {
WITH SYNTAX UniqueIdentifier
EQUALITY MATCHING RULE BitStringMatch
ID { id-at-uniqueIdentifier } }
UniqueIdentifier ::= BIT STRING
__________________________________
--
KENR(_at_)SHL(_dot_)COM
Systemhouse