Emmanuel Lecharny elecharny@apache.org wrote:
For completeness, the reason OIDs are starting with 0, 1 or 2 and nothing else is that the two first numbers are encoded in one byte. Using a higher value is not a good idea.
Not quite. Been reading _A Layman's Guide to a Subset of ASN.1, BER, and DER_? It has some errors.
For the two first OID components X.Y, Y must be < 40 if X < 2, and X must be <= 2. If X = 2, Y can be any nonnegative number.
That's because BER stores each OID component as an integer, except the two first components are stored as one integer 40X+Y. It's a space optimization which the inventors later came to regret.
Also it's preferable to keep 40X+Y and each component < 2**31, in case your OIDs meet some implementation which stores each component as a machine integer.
LDAP itself does not use BER format for OIDs, it sends the text format. Except in a few places like certificates.
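The 40X+Y rule and the base-128 arc encoding discussed in this thread, as an added Python example (not code from either poster): it encodes a dotted OID into a BER OBJECT IDENTIFIER TLV, decodes it back, and flags arcs that would not fit a 32-bit machine integer. The rejection of X > 2 and of Y >= 40 when X < 2 follows the constraints stated above; function names and the 2**31 threshold check are this example's own choices.

```python
"""BER OBJECT IDENTIFIER encoding/decoding showing the 40X+Y rule for the
first two arcs. Added example; not part of the original mail thread."""

OID_TAG = 0x06  # BER universal tag for OBJECT IDENTIFIER


def _encode_base128(value: int) -> bytes:
    """Encode one subidentifier as big-endian base-128, high bit set on all
    bytes except the last."""
    if value < 0:
        raise ValueError("subidentifiers must be nonnegative")
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def _encode_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(oid: str) -> bytes:
    """Dotted OID string -> full BER TLV (tag, length, contents)."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2:
        raise ValueError("an OID needs at least two components")
    x, y = arcs[0], arcs[1]
    if not 0 <= x <= 2:
        raise ValueError("first component must be 0, 1 or 2")
    if x < 2 and not 0 <= y < 40:
        raise ValueError("second component must be < 40 when first is 0 or 1")
    if y < 0:
        raise ValueError("second component must be nonnegative")
    # The first two arcs collapse into the single subidentifier 40X+Y.
    subids = [40 * x + y] + arcs[2:]
    contents = b"".join(_encode_base128(s) for s in subids)
    return bytes([OID_TAG]) + _encode_length(len(contents)) + contents


def decode_oid(data: bytes) -> str:
    """BER TLV -> dotted OID string. The 40X+Y split is applied only after
    the whole first subidentifier has been decoded, so 2.Y with Y >= 48
    (which spans more than one byte) round-trips correctly."""
    if not data or data[0] != OID_TAG:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = data[1], 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(data[2:2 + nbytes], "big")
        pos = 2 + nbytes
    contents = data[pos:pos + length]
    if len(contents) != length:
        raise ValueError("truncated OID")
    subids, value = [], 0
    for b in contents:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(value)
            value = 0
    if not subids or (contents[-1] & 0x80):
        raise ValueError("unterminated subidentifier")
    first = subids[0]
    if first >= 80:          # X = 2 is the only arc allowing Y >= 40
        x, y = 2, first - 80
    else:
        x, y = divmod(first, 40)
    return ".".join(str(a) for a in [x, y] + subids[1:])


def portability_issues(oid: str) -> list:
    """Return the subidentifiers (after the 40X+Y merge) that exceed 2**31-1
    and so may overflow implementations storing arcs as machine integers."""
    arcs = [int(a) for a in oid.split(".")]
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    return [s for s in subids if s >= 2 ** 31]


if __name__ == "__main__":
    # Constructed sample inputs: the rsadsi arc and a joint-iso-itu-t example arc.
    for sample in ("1.2.840.113549", "2.999"):
        tlv = encode_oid(sample)
        print(sample, "->", tlv.hex(), "->", decode_oid(tlv))
```

Run it directly to see that 1.2.840.113549 becomes the familiar 06 06 2a 86 48 86 f7 0d, and that 2.999 needs two content bytes (88 37) for its first subidentifier 1079, which is why a decoder must not split on the first byte alone.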