[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: rfc 3280 interoperability testing
Sounds a bit aka how we do it for MIB objects.
We do not require that the contents is tested (other than
that it has the proper data-type, so proper format) or
that apps approve that they can deal with the content.
We documented our approach in RFC2438.
Thanks,
Bert
> -----Original Message-----
> From: Steve Bellovin [mailto:smb@research.att.com]
> Sent: woensdag 16 juli 2003 11:31
> To: iesg@ietf.org
> Subject: rfc 3280 interoperability testing
>
>
> Russ and I discussed the necessary interoperability tests to advance
> RFC 3280. The problem is complicated because 3280 describes both
> certificate formats and some processing rules. The question is what
> needs to be tested, given that many of the fields are used
> only by end
> system applications, and not by the certificate handling code itself.
>
> My answer is that for such fields, all that is needed is to show that
> the CAs can generate all of the described fields, and that they have
> the proper formats, data types, etc. There is no need to test how
> applications actually use these fields, since that's an application
> matter. For fields whose behavior is needed by the certificate
> processing mechanisms, the behavior itself is checked, of course.
>
> Does everyone agree that this is a correct analysis?
>
>
> --Steve Bellovin, http://www.research.att.com/~smb (me)
> http://www.wilyhacker.com (2nd edition of
> "Firewalls" book)
>
>
>