RE: rfc 3280 interoperability testing

["Wijnen, Bert (Bert)" <bwijnen@lucent.com>]

Sounds a bit aka how we do it for MIB objects.
We do not require that the contents is tested (other than
that it has the proper data-type, so proper format) or
that apps approve that they can deal with the content.

We documented our approach in RFC2438.

Thanks,
Bert 

> -----Original Message-----
> From: Steve Bellovin [mailto:smb@research.att.com]
> Sent: woensdag 16 juli 2003 11:31
> To: iesg@ietf.org
> Subject: rfc 3280 interoperability testing
> 
> 
> Russ and I discussed the necessary interoperability tests to advance 
> RFC 3280.  The problem is complicated because 3280 describes both 
> certificate formats and some processing rules.  The question is what 
> needs to be tested, given that many of the fields are used 
> only by end 
> system applications, and not by the certificate handling code itself.
> 
> My answer is that for such fields, all that is needed is to show that 
> the CAs can generate all of the described fields, and that they have 
> the proper formats, data types, etc.  There is no need to test how 
> applications actually use these fields, since that's an application 
> matter.  For fields whose behavior is needed by the certificate 
> processing mechanisms, the behavior itself is checked, of course.
> 
> Does everyone agree that this is a correct analysis?
> 
> 
> 		--Steve Bellovin, http://www.research.att.com/~smb (me)
> 		http://www.wilyhacker.com (2nd edition of 
> "Firewalls" book)
> 
> 
>