| Last updated 30 Dec 2012 |
AllIncontext OID
The Object Identifier (OID) 1.2.826.0.1.4624520 uniquely defines AllIncontext Limited on the Internet. For more detail see the Certificate Of Incorporation. A Digital Certificate only binds to an identity, much like a driving licence or passport, but it does not confer trust. Part of the reason for this is the limited amount of information that is contained in the Digital Certificate.In the AllIncontext Limited Root Certificate Authority certificate, access to more information (which can be used to evaluate trust) is provided by binding the AllIncontext OID to the certificate. This is done by putting the OID into the Subject Alternative Name field of the certificate (and which can be seen on the Details tab of the certificate). This field can have a number of items defined, such as Other Name, a URL and an RFC822Name (which is an Internet Email address).
The Other Name in the certificate is displayed in the form X=Y where X is the OID string. Y is the UTF8 encoding of the string @URL and should be displayed as the string of character pairs:
0c 04 40 55 52 4c
The meaning of this string of characters is as follows:
0c is the hexadecimal value representing the UTF8String universal primitive type (Type 12 in decimal).
04 is the length of string (4 characters).
40 55 52 4c is the hexadecimal for @URL. See the AsciiTable web page if you want to check these values.
04 is the length of string (4 characters).
40 55 52 4c is the hexadecimal for @URL. See the AsciiTable web page if you want to check these values.
We have deliberately kept the UTF8String short to minimize confusion. What it it telling you is to look at the URL defined in the Subject Alternative Name field for more information. The URL is:
http://www.allincontext.com/ac.aspx?src=1.2.826.0.1.4624520.htm
So, we now have the OID bound to the certificate, with the OID pointing to the AllIncontext web site for more information. This allows you to evaluate what level of trust you might give to the AllIncontext Root certificate, and by implication any certificate chain which ends at the Root certificate.
The AllIncontext Limited OID is also displayed in the Company field of the version information of AllIncontext Limited programs (right click on a program and select Properties from the pop-up menu to open the Properties window. Then click on the Version tab and finally click on the Company Item name). Since these programs are signed, the OID in the version information should match the OID in the AllIncontext Limited Root Certificate Authority certificate otherName field. If they do not match you should not run the program.
In Windows Vista and later, User Account Control (UAC) should detect any mismatch between the signature assigned to the program when it was created and the calculation of the signature when you try to run the program. If any attempt is made by a third party to change the OID, for example, UAC should trigger an alert. Report any such incompatibility to certificates@allincontext.com.
The Sub Tree of the AllIncontext Limited OID is defined at the OID 1.2.826.0.1.4624520.1.
AllIncontext Limited is registered in England, No
04624520.
Registered office address: 12-14 High Street, Petersfield, Hampshire, GU32 3JG.
