Public Notary Transparency 2021-08-04 2021-12-14 Unassigned 0x00-0xDF Specification Required 0xE0-0xEF Experimental Use 0xF0-0xFF Private Use 0x00 SHA-256 2.16.840.1.101.3.4.2.1 0x01-0xDF Unassigned 0xE0-0xEF Reserved for Experimental Use 0xF0-0xFF Reserved for Private Use Unassigned This is a subset of the "TLS SignatureScheme" registry, limited to those algorithms that are appropriate for CT. A major advantage of this is leveraging the expertise of the TLS Working Group and its designated expert(s). The value 0x0403 appears twice. While this may be confusing, it is okay because the verification process is the same for both algorithms, and the choice of which to use when generating a signature is purely internal to the log server. 0x0000-0x0807 Specification Required 0x0808-0xFDFF Expert Review 0xFE00-0xFEFF Experimental Use 0xFF00-0xFFFF Private Use 0x0000-0x0402 Unassigned ecdsa_secp256r1_sha256 (0x0403) ECDSA (NIST P-256) with SHA-256 FIPS186-4 ecdsa_secp256r1_sha256 (0x0403) Deterministic ECDSA (NIST P-256) with HMAC-SHA256 0x0404-0x0806 Unassigned ed25519 (0x0807) Ed25519 (PureEdDSA with the edwards25519 curve) 0x0808-0xFDFF Unassigned 0xFE00-0xFEFF Reserved for Experimental Use 0xFF00-0xFFFF Reserved for Private Use Unassigned The range 0x0000-0x00FF is reserved so that v1 SCTs are distinguishable from v2 SCTs and other TransItem structures. 0x0100-0xDFFF Specification Required 0xE000-0xEFFF Experimental Use 0xF000-0xFFFF Private Use 0x0000-0x00FF Reserved 0x0100 x509_entry_v2 0x0101 precert_entry_v2 0x0102 x509_sct_v2 0x0103 precert_sct_v2 0x0104 signed_tree_head_v2 0x0105 consistency_proof_v2 0x0106 inclusion_proof_v2 0x0107-0xDFFF Unassigned 0xE000-0xEFFF Reserved for Experimental Use 0xF000-0xFFFF Reserved for Private Use Unassigned 0x0000-0xDFFF Specification Required 0xE000-0xEFFF Experimental Use 0xF000-0xFFFF Private Use 0x0000-0xDFFF Unassigned n/a 0xE000-0xEFFF Reserved for Experimental Use n/a 0xF000-0xFFFF Reserved for Private Use n/a First Come First Served All OIDs in the range from 1.3.101.8192 to 1.3.101.16383 have been set aside for Log IDs. This is a limited resource of 8,192 OIDs, each of which has an encoded length of 4 octets. The 1.3.101.80 arc has also been set aside for Log IDs. This is an unlimited resource, but only the 128 OIDs from 1.3.101.80.0 to 1.3.101.80.127 have an encoded length of only 4 octets. 1.3.101.8192-1.3.101.16383 Unassigned Unassigned 1.3.101.80.0-1.3.101.80.* Unassigned Unassigned Unassigned Specification Required malformed The request could not be parsed. badSubmission submission is neither a valid certificate nor a valid precertificate. badType type is neither 1 nor 2. badChain The first element of chain is not the certifier of the submission, or the second element does not certify the first, etc. badCertificate One or more certificates in the chain are not valid (e.g., not properly encoded). unknownAnchor The last element of chain (or, if chain is an empty array, the submission) is not, and nor is it certified by, an accepted trust anchor. shutdown The log is no longer accepting submissions. firstUnknown first is before the latest known STH but is not from an existing STH. secondUnknown second is before the latest known STH but is not from an existing STH. secondBeforeFirst second is smaller than first. hashUnknown hash is not the hash of a known leaf (may be caused by skew or by a known certificate not yet merged). treeSizeUnknown hash is before the latest known STH but is not from an existing STH. startUnknown start is greater than the number of entries in the Merkle Tree. endBeforeStart start cannot be greater than end.