RFC's 5280 and 5262

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

RFC's 5280 and 5262

Philip Prindeville
Hi,

I’m working on Network Time Security and the draft specification requires RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).

How complete is OpenSSL’s support for both of these standards?

And if it’s not complete, what’s missing (i.e. how much effort would be needed to round it out)?

Thanks,

-Philip

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: RFC's 5280 and 5262

Salz, Rich
> I'm working on Network Time Security and the draft specification requires
> RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).

You're a bit confused. 5280 is the cert/crl profile.  Pkcs9, evolved into RFC 2985 I think.

> How complete is OpenSSL's support for both of these standards?

Better than some, worse than others.  Nobody implements everything in those PKCS specifications (except maybe Peter Gutman).

> And if it's not complete, what's missing (i.e. how much effort would be
> needed to round it out)?

Without knowing anything about the NTP specifications, my educated guess is that OpenSSL has almost everything you need to implement them. For IETF protocols, it generally does.

        /r$

--  
Principal Security Engineer, Akamai Technologies
IM: [hidden email] Twitter: RichSalz

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]