New documents on PKITS Web site


All,

Last night I posted an update to the PKITS Web page.  The updated Web page includes three new documents:
  1. An updated version of the PKITS test descriptions.  The updated document contains a re-write of the introduction to section 4.4 (Basic Certificate Revocation Tests), but is otherwise unchanged from the October 7, 2003 draft.  The new text in section 4.4 was designed to clarify the requirements for a path validation module when valid revocation data is unavailable.  If there are no further comments on the document by the end of next week, I will label the current draft as the official version 1.0.

  2. An initial draft of the NIST Recommendation for X.509 Path Validation.  This document specifies functional requirements for path validation modules (PVMs).  The requirements are broken up into two major categories: Enterprise PVMs for use in PKIs that are limited to a single organization and Bridge-enabled PVMs for use in multi-organizational PKIs.  The document also includes support for specifying supplementary requirements such as the ability to process delta-CRLs or indirect CRLs.  An appendix is included that indicates how PKITS can be used to verify that a PVM implements path validation correctly.  This document is based on, and replaces, an earlier effort to develop a Protection Profile.  We would like to receive comments on the draft NIST Recommendation by June 1, 2004.

  3. The appendix in the NIST Recommendation includes a table listing every test (and subtest) in PKITS.  The table specifies which tests from PKITS need to be run in order to verify that a PVM has been implemented correctly.  The specific set of tests that needs to be run, and the expected outcome of the tests, depends on the set of functionality that is implemented by the PVM being tested.  A program is now available that will generate a customized version of this table when provided with information about the set of functionality that is implemented by the PVM that is to be tested.  The program was developed for Linux, but should be easy to port to other platforms if necessary.


Dave

P.S. Information about the older test suite, Conformance Testing of Relying Party Client Certificate Path Processing Logic, Version 1.07, has been moved to a separate Web page (http://csrc.nist.gov/pki/testing/x509paths_old.html).  A link to this page is included at the bottom of the PKITS Web page (http://csrc.nist.gov/pki/testing/x509paths.html).


