rfc 3280 interoperability testing



Russ and I discussed the necessary interoperability tests to advance 
RFC 3280.  The problem is complicated because 3280 describes both 
certificate formats and some processing rules.  The question is what 
needs to be tested, given that many of the fields are used only by end 
system applications, and not by the certificate handling code itself.

My answer is that for such fields, all that is needed is to show that 
the CAs can generate all of the described fields, and that they have 
the proper formats, data types, etc.  There is no need to test how 
applications actually use these fields, since that's an application 
matter.  For fields whose behavior is needed by the certificate 
processing mechanisms, the behavior itself is checked, of course.

Does everyone agree that this is a correct analysis?


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)