TCG DEFINITIONS ::= BEGIN

-- BEGIN Heimdal commentary
--
-- Copy-pasted from section 4 of
--   https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf
--   https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
-- and adjusted to compile as follows:
--
--  - Due to limitations of the Heimdal compiler we've moved all of this
--    module's contents to rfc2459.asn1.
--
--  - Extensibility markers added to all SEQUENCEs as per the TCG's spec they
--    reserve the right to add fields in the future.
--  - Information Object System annotations commented out (Heimdal does not
--    support them)
--
--  - Types sorted topologically (at the time I did that the Heimdal ASN.1
--    compiler wouldn't do that on its own)
--
--  - Two otherwise equal ENUMERATED types share a definition now (at the time
--    the Heimdal ASN.1 compiler did not prefix labels of ENUMERATED types)
--
-- A small note for anyone whoever finds this: do not add complex structures as
-- DN attributes, or, indeed, never add DN attributes again.  If some metadata
-- is name-like, then add a subjectAlternativeName otherName for it, otherwise
-- add a certificate extension to carry that metadata.  And, for any name-like
-- metadata, always always include query and display syntax for it.
--
-- Anyone designing anything but the simplest schema in ASN.1 should have to
-- learn a bit more about ASN.1 and/or get a review from ASN.1 experts.
--
-- Anyone designing anything but the simplest x.509 extensions should have to
-- learn a bit more about ASN.1 and x.509 and/or get a review from x.509
-- experts.
--
-- Note that a module OID was not provided.  Indeed, a valid, complete ASN.1
-- module was not provided.
--
-- END Heimdal commentary (though some minor Heimdal commentary appears below)

END