Path Discovery Test Outline - Test Case 4.1.1.3
- Subject: Path Discovery Test Outline - Test Case 4.1.1.3
- From: "Steven Madwin" <smadwin@adobe.com>
- Date: Fri, 15 Dec 2006 17:00:14 -0800

It seems to me that there is a flaw in Path Discovery Test Outline, test case 4.1.1.3, but alas I'm not sure and would appreciate any feedback either describing the error of my ways or, if you agree with my logic.

Here is a summary of what's occurring:

- The end-entity certificate does not contain a CRL Distribution Points (CDP) extension.
- The key that signed the end-entity certificate is not the same key that signed the CRL.

To paraphrase section 4.2.1.14 of RFC 3280, if the issuer of the end-entity certificate is not the same as the issuer of the CRL, then the end-entity certificate must contain a CDP extension and the CDP must contain the cRLIssuer field. As such, because the "Rudimentary Directory Path Discovery EE Certificate Test3" does not contain a CDP, the indirect CRL should not be considered valid. Without a valid CRL the digital signature should not be considered valid when requiring revocation checking, but the expected result is that the path should validate successfully.

Steven Madwin
Software QA Engineer
Adobe Systems Incorporated
345 Park Avenue, MS-W15
San Jose, CA 95110-2704 USA
408.536.4343 p, 408.537.4053 f
smadwin@adobe.com
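
The scope rule the message refers to, written out as an added example (not part of the original message or of the NIST test suite). It models the issuer-name comparison in RFC 3280 section 6.3.3 step (b)(1); the class names, field names and sample distinguished names are constructed for illustration, and CRL signature verification is a separate step that is not modelled.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class DistributionPoint:
    crl_issuer: Optional[str] = None  # cRLIssuer field of one CDP entry, if present


@dataclass
class Cert:
    issuer: str
    cdp: List[DistributionPoint] = field(default_factory=list)  # empty = no CDP extension


@dataclass
class Crl:
    issuer: str
    indirect: bool = False  # indirectCRL flag in the issuingDistributionPoint extension


def crl_in_scope(cert: Cert, crl: Crl) -> bool:
    """Return True if the CRL may be used to check this certificate (names only)."""
    # A certificate with no CDP extension is processed as if it had a single
    # distribution point with cRLIssuer omitted.
    dps = cert.cdp or [DistributionPoint()]
    for dp in dps:
        if dp.crl_issuer is not None:
            # cRLIssuer present: the CRL issuer must match it and the CRL
            # must assert indirectCRL.
            if dp.crl_issuer == crl.issuer and crl.indirect:
                return True
        elif crl.issuer == cert.issuer:
            # cRLIssuer omitted: the CRL issuer must be the certificate issuer.
            return True
    return False


def demo() -> dict:
    ca, other = "CN=Example CA", "CN=Example CRL Issuer"  # constructed names
    via_cdp = Cert(ca, [DistributionPoint(crl_issuer=other)])
    return {
        "no CDP, CRL from another issuer": crl_in_scope(Cert(ca), Crl(other, True)),
        "cRLIssuer set, indirect CRL": crl_in_scope(via_cdp, Crl(other, True)),
        "cRLIssuer set, flag missing": crl_in_scope(via_cdp, Crl(other, False)),
        "no CDP, CRL from cert issuer": crl_in_scope(Cert(ca), Crl(ca)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'in scope' if ok else 'rejected'}")
```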