Updated PKITS test data available

Subject: Updated PKITS test data available
From: "David A. Cooper" <david.cooper@nist.gov>
Date: Fri, 10 Oct 2003 14:27:43 -0400
Content-Type: multipart/mixed; boundary="------------030001070603060404070900"
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030630

All,

An updated test document and test data have been posted to 
http://csrc.nist.gov/pki/testing/x509paths.html.  The test documentation 
is at http://csrc.nist.gov/pki/testing/PKITS.pdf and the test data may 
be downloaded from http://csrc.nist.gov/pki/testing/PKITS_data.zip.  The 
test data has also been posted to the LDAP directory.

The following changes have been made:

1) I added the three tests that I proposed on August 15 
(http://cio.nist.gov/esd/emaildir/pkits/msg00045.html).  These are tests 
4.4.19, 4.4.20, and 4.4.21.

2) I removed the controversial circular dependencies from tests 4.5.3 - 
4.5.8.  In each case, I did this by adding a distribution point CRL to 
the test data that only covers the self-issued certificate in the test.  
The self-issued certificates include cRLDistributionPoints extensions 
pointing to the distribution point CRLs.

(The indirect CRL test, 4.14.30, has not been changed, even though it 
includes a circular dependency.  Any attempt to remove the circular 
dependency would have resulted in a redundant test.  Until the issues 
surrounding circular dependencies have been resolved, this test is 
deprecated.)

3) The common names in the subject fields of the following certificates 
were changed so that they would conform to the 64 character limit:

    a) 6.1.5.156 Invalid keyUsage Not Critical keyCertSign False Test2 
EE (from test 4.7.2)

    b) 6.1.5.545 Valid Unknown Not Critical Certificate Extension Test1 
EE (from test 4.16.1)

    c) 6.1.5.546 Invalid Unknown Critical Certificate Extension Test2 EE 
(from test 4.16.2)

    d) 6.1.5.558 Valid Rollover from PrintableString to UTF8String 
Test10 EE (from test 4.3.10)


In conjunction with the updates to PKITS, the following changes have 
been made to the English language description of the PKI Client 
Protection Profile under development at NIST (an updated copy is attached):

1) The new tests, 4.4.19 - 4.4.21, are listed as tests that should be 
run by all.

2) Tests 4.10.10 and 4.10.11 are now listed as tests that should be run 
by all.

3) Test 4.14.30 is now listed as a test that should not be run.


Dave

PKE Client Tests.pdf

Prev by Date: Re: Does this PKITS Test cert conform to RFC 3280 ?
Next by Date: LDAP server for PKITS data unavailable
Prev by thread: Updated PKITS test data available
Next by thread: Test case 4.5.7

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov