A question concerning test case 4.12.10

Subject: A question concerning test case 4.12.10
From: Ville Heikkala <heikkala@ssh.com>
Date: Wed, 28 Apr 2004 11:19:58 +0300 (EET DST)
Content-Type: TEXT/PLAIN; charset=US-ASCII



Dear all,

I have some problems trying to understand why the path in 4.12.10 should
not validate succesfully. Comparing to 4.12.9, where the path should
validate (assuming initial-policy-set includes NIST-test-policy-1), the
first difference in the paths (starting from Trust Anchor Root
Certificate) occurs in the self-signed CA certificates of subCA2.  They
are both of the Base Intermediate Certificate base type, self-signed by
inhibitAnyPolicy1 subCA2, assert anyPolicy (at an acceptable distance from
inhibitAnyPolicy1 CA Cert, which has inhibitAnyPolicy set to 1). As far as
I can tell, the only differences are in the keyUsageExtension,
SerialNumber, and key information. Then, in 4.12.9, this subCA2
self-signed cert is used to sign the EE cert, and the path should validate
succesfully. But why should the path in 4.12.10, which ends at the subCA2
self-signed cert itself, not validate?

Having studied RFC 3280, I have also not found a reason why 4.12.10 should
not validate. What am I missing here?

Thanks,
Ville Heikkala.

Follow-Ups:
- Re: A question concerning test case 4.12.10
  - From: "David A. Cooper" <david.cooper@nist.gov>

Prev by Date: RE: nextUpdate
Next by Date: Re: A question concerning test case 4.12.10
Prev by thread: New documents on PKITS Web site
Next by thread: Re: A question concerning test case 4.12.10

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov