Identification of the DVCS
To import elements from the DVCS module, the following object identifier is used as the ASN.1 module identifier.
id-mod-dvcs OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 15}
A DVCS that uses SignedData to provide authentication for DVCs MUST sign all data certification messages with a key whose corresponding certificate MUST contain the extended key usage field extension as defined in Section 4.2.1.14 with KeyPurposeID having value id-kp-dvcs. This extension MUST be marked as critical. The Data Validation Certificate MUST contain an ESSCertID authenticated attribute for the certificate used by the DVCS for signing.
id-kp-dvcs OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) kp(3) 10}
Consistent KeyUsage bits: digitalSignature, nonRepudiation, keyCertSign, cRLSign
A DVCS's certificate MAY contain an Authority Information Access extension in order to convey the method of contacting the DVCS. The accessMethod field in this extension MUST contain the OID id-ad-dvcs:
id-ad-dvcs OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) ad(48) 4}
The value of the 'accessLocation' field defines the transport (e.g. a URI) used to access the DVCS.
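The extended key usage requirement above can be checked mechanically on a signer certificate's extensions. The following is an added example, not code from the specification: the function names and the sample bytes are constructed for illustration, and it works on the DER encoding of the certificate's Extensions value only.

```python
ID_KP_DVCS = "1.3.6.1.5.5.7.3.10"  # from the page: pkix(7) kp(3) 10
ID_CE_EKU = "2.5.29.37"            # X.509 extKeyUsage extension OID

def enc_oid(dotted):
    """DER content octets of an OID given in dotted form."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:              # base-128, high bit set on all but last
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def children(body):
    """Split DER content octets into (tag, value) pairs."""
    items, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated DER header")
        tag, length, i = body[i], body[i + 1], i + 2
        if length & 0x80:              # long form: next n octets hold the length
            n = length & 0x7F
            length, i = int.from_bytes(body[i:i + n], "big"), i + n
        if i + length > len(body):
            raise ValueError("truncated DER value")
        items.append((tag, body[i:i + length]))
        i += length
    return items

def check_dvcs_eku(extensions_der):
    """Return a list of problems; an empty list means the EKU rule is met."""
    (_, seq), = children(extensions_der)
    for _, ext in children(seq):
        fields = children(ext)         # extnID, [critical], extnValue
        if not fields or fields[0] != (0x06, enc_oid(ID_CE_EKU)):
            continue
        problems = []
        if (0x01, b"\xff") not in fields[1:-1]:
            problems.append("extKeyUsage not marked critical")
        (_, purposes), = children(fields[-1][1])
        if (0x06, enc_oid(ID_KP_DVCS)) not in children(purposes):
            problems.append("id-kp-dvcs missing from extKeyUsage")
        return problems
    return ["extKeyUsage extension absent"]

# Constructed sample: Extensions holding one critical extKeyUsage with id-kp-dvcs.
SAMPLE_EXTENSIONS = bytes.fromhex("301830160603551d250101ff040c300a06082b0601050507030a")
print(check_dvcs_eku(SAMPLE_EXTENSIONS))
```

A relying party would run such a check on the certificate referenced by the ESSCertID attribute before accepting a Data Validation Certificate.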