rfc 3280 interoperability testing
Russ and I discussed the necessary interoperability tests to advance
RFC 3280. The problem is complicated because 3280 describes both
certificate formats and some processing rules. The question is what
needs to be tested, given that many of the fields are used only by end
system applications, and not by the certificate handling code itself.
My answer is that for such fields, all that is needed is to show that
the CAs can generate all of the described fields, and that they have
the proper formats, data types, etc. There is no need to test how
applications actually use these fields, since that's an application
matter. For fields whose behavior is needed by the certificate
processing mechanisms, the behavior itself is checked, of course.
Does everyone agree that this is a correct analysis?
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)