File: png-dSIG-OID-proposal-20080907.txt

This proposal is a companion to the recently-approved dSIG chunk.

There is a need for countersigners to add comments.
A logical place to put such comments would have been 

  signed-comment OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs9(9) 7 }

which could have been described under paragraph 11 of RFC-3852 [1], but
there is no definition of a signedComment type there.

Therefore we propose to define a signedComment OID here.  For completeness,
we also propose an unsignedComment OID.

The IANA "Private Enterprise Number (PEN)" 1.3.6.1.4.1.31170 was assigned to
the PNG Development Group, and the specification of OIDs in a subtree
under that has been delegated to the PNG Development Group (see [2]).

For dSIG purposes, the following new subtree is proposed:

   1.3.6.1.4.1.31170:      PNG
   1.3.6.1.4.1.31170.1:      dSIG
   1.3.6.1.4.1.31170.1.1:      signeddSIGdata
   1.3.6.1.4.1.31170.1.1.1:      signedComment
   1.3.6.1.4.1.31170.1.2:      unsigneddSIGdata
   1.3.6.1.4.1.31170.1.2.1:      unsignedComment

A future definition might add:
   1.3.6.1.4.1.31170.2:      another PNG category

The new OIDs are described as follows:

   signedComment OBJECT IDENTIFIER ::=
     {
       iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) 
       PNG(31170) dSIG(1) signeddSIGdata(1) signedComment(1)
     }
   unsignedComment OBJECT IDENTIFIER ::=
     {
       iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) 
       PNG(31170) dSIG(1) unsigneddSIGdata(2) unsignedComment(1)
     }

Both types of comment have data type "PrintableString" as
defined in the ASN.1 Basic Encoding Rules (see [3]).

In the future, any other chunks needing to specify ASN.1 OIDs would
have their own subtrees under the PNG PEN, e.g., 1.3.6.1.4.1.31170.2
for a second chunk type.

References:

[1] RFC-3852, R. Housley, Vigil Security, "Cryptographic Message Syntax (CMS)",
available at http://www.ietf.org/rfc/rfc3852.txt

[2] IANA, "PRIVATE ENTERPRISE NUMBERS", available at
http://www.iana.org/assignments/enterprise-numbers

[3] ITU-T Rec. X.680 (07/2002)Information technology -- Abstract
Syntax Notation One (ASN.1): Specification of basic notation,
available at
http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf