Discussion:
RFC's 5280 and 5262
Philip Prindeville
2014-10-19 00:00:35 UTC
Permalink
Hi,

I’m working on Network Time Security and the draft specification requires RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).

How complete is OpenSSL’s support for both of these standards?

And if it’s not complete, what’s missing (i.e. how much effort would be needed to round it out)?

Thanks,

-Philip

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Salz, Rich
2014-10-19 07:39:26 UTC
Permalink
I'm working on Network Time Security and the draft specification requires
RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).
You're a bit confused. 5280 is the cert/crl profile. Pkcs9, evolved into RFC 2985 I think.
How complete is OpenSSL's support for both of these standards?
Better than some, worse than others. Nobody implements everything in those PKCS specifications (except maybe Peter Gutman).
And if it's not complete, what's missing (i.e. how much effort would be
needed to round it out)?
Without knowing anything about the NTP specifications, my educated guess is that OpenSSL has almost everything you need to implement them. For IETF protocols, it generally does.

/r$

--
Principal Security Engineer, Akamai Technologies
IM: ***@jabber.me Twitter: RichSalz

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Loading...