Internet Assigned Numbers Authority Public Notary Transparency Created 2021-08-04 Last Updated 2021-12-14 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * Hash Algorithms * Signature Algorithms * VersionedTransTypes * Log Artifact Extensions * Log IDs * Error Types Hash Algorithms Expert(s) Unassigned Reference [RFC9162] Available Formats [IMG] CSV Range Registration Procedures 0x00-0xDF Specification Required 0xE0-0xEF Experimental Use 0xF0-0xFF Private Use Value Hash Algorithm OID Reference 0x00 SHA-256 2.16.840.1.101.3.4.2.1 [RFC6234] 0x01-0xDF Unassigned 0xE0-0xEF Reserved for Experimental Use [RFC9162] 0xF0-0xFF Reserved for Private Use [RFC9162] Signature Algorithms Expert(s) Unassigned Reference [RFC9162] Note This is a subset of the "TLS SignatureScheme" registry, limited to those algorithms that are appropriate for CT. A major advantage of this is leveraging the expertise of the TLS Working Group and its designated expert(s). Note The value 0x0403 appears twice. While this may be confusing, it is okay because the verification process is the same for both algorithms, and the choice of which to use when generating a signature is purely internal to the log server. Available Formats [IMG] CSV Range Registration Procedures 0x0000-0x0807 Specification Required 0x0808-0xFDFF Expert Review 0xFE00-0xFEFF Experimental Use 0xFF00-0xFFFF Private Use SignatureScheme Value Signature Algorithm Reference 0x0000-0x0402 Unassigned ecdsa_secp256r1_sha256 (0x0403) ECDSA (NIST P-256) with SHA-256 [FIPS186-4] ecdsa_secp256r1_sha256 (0x0403) Deterministic ECDSA (NIST P-256) with HMAC-SHA256 [RFC6979] 0x0404-0x0806 Unassigned ed25519 (0x0807) Ed25519 (PureEdDSA with the edwards25519 curve) [RFC8032] 0x0808-0xFDFF Unassigned 0xFE00-0xFEFF Reserved for Experimental Use [RFC9162] 0xFF00-0xFFFF Reserved for Private Use [RFC9162] VersionedTransTypes Expert(s) Unassigned Reference [RFC9162] Note The range 0x0000-0x00FF is reserved so that v1 SCTs are distinguishable from v2 SCTs and other TransItem structures. Available Formats [IMG] CSV Range Registration Procedures 0x0100-0xDFFF Specification Required 0xE000-0xEFFF Experimental Use 0xF000-0xFFFF Private Use Value Type and Version Reference 0x0000-0x00FF Reserved [RFC6962] 0x0100 x509_entry_v2 [RFC9162] 0x0101 precert_entry_v2 [RFC9162] 0x0102 x509_sct_v2 [RFC9162] 0x0103 precert_sct_v2 [RFC9162] 0x0104 signed_tree_head_v2 [RFC9162] 0x0105 consistency_proof_v2 [RFC9162] 0x0106 inclusion_proof_v2 [RFC9162] 0x0107-0xDFFF Unassigned 0xE000-0xEFFF Reserved for Experimental Use [RFC9162] 0xF000-0xFFFF Reserved for Private Use [RFC9162] Log Artifact Extensions Expert(s) Unassigned Reference [RFC9162] Available Formats [IMG] CSV Range Registration Procedures 0x0000-0xDFFF Specification Required 0xE000-0xEFFF Experimental Use 0xF000-0xFFFF Private Use ExtensionType Status Use Reference 0x0000-0xDFFF Unassigned n/a 0xE000-0xEFFF Reserved for Experimental Use n/a [RFC9162] 0xF000-0xFFFF Reserved for Private Use n/a [RFC9162] Log IDs Registration Procedure(s) First Come First Served Reference [RFC9162] Note All OIDs in the range from 1.3.101.8192 to 1.3.101.16383 have been set aside for Log IDs. This is a limited resource of 8,192 OIDs, each of which has an encoded length of 4 octets. Note The 1.3.101.80 arc has also been set aside for Log IDs. This is an unlimited resource, but only the 128 OIDs from 1.3.101.80.0 to 1.3.101.80.127 have an encoded length of only 4 octets. Available Formats [IMG] CSV Log ID Log Base URL Log Operator Reference 1.3.101.8192-1.3.101.16383 Unassigned Unassigned 1.3.101.80.0-1.3.101.80.* Unassigned Unassigned Error Types Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC9162] Available Formats [IMG] CSV Identifier Meaning Reference malformed The request could not be parsed. [RFC9162] badSubmission submission is neither a valid certificate nor a valid precertificate. [RFC9162] badType type is neither 1 nor 2. [RFC9162] badChain The first element of chain is not the certifier of the submission, or the second element does not certify the first, [RFC9162] etc. badCertificate One or more certificates in the chain are not valid (e.g., not properly encoded). [RFC9162] unknownAnchor The last element of chain (or, if chain is an empty array, the submission) is not, and nor is it certified by, an [RFC9162] accepted trust anchor. shutdown The log is no longer accepting submissions. [RFC9162] firstUnknown first is before the latest known STH but is not from an existing STH. [RFC9162] secondUnknown second is before the latest known STH but is not from an existing STH. [RFC9162] secondBeforeFirst second is smaller than first. [RFC9162] hashUnknown hash is not the hash of a known leaf (may be caused by skew or by a known certificate not yet merged). [RFC9162] treeSizeUnknown hash is before the latest known STH but is not from an existing STH. [RFC9162] startUnknown start is greater than the number of entries in the Merkle Tree. [RFC9162] endBeforeStart start cannot be greater than end. [RFC9162] Licensing Terms