[Summit] getting organized

Bruce Campbell b+jabber at bruce-2010.zerlargal.org
Mon Jun 21 17:54:02 CDT 2010


On Mon, 21 Jun 2010, Dave Cridland wrote:

> On Mon Jun 21 17:39:46 2010, bear wrote:
>> Having some certs handy and a CA would be perfect, even if only remote
>> - that is the kind of thing that will cause interop testing to grind
>> to a very slow pace as everyone suddenly realizes what is needed.
>> 
>> 
> No problem, I'll commit (on behalf of Isode) to having at minimum two 
> (private, closed, temporary) CAs setup. We'll be able to issue certificates 
> based on PKCS#10 CSRs, or else just create a PKCS#12 anew (which is insecure 
> for obvious reasons, but fine for interop).
>
> We can generate various forms of SubjectAltName, including sRVName, xmppAddr, 
> and dNSName, and we can have "traditional" SubjectNames (ie, hostname as CN) 
> as well as following the strict X.500 spec on those.
>
> It's very much harder to generate things like expired certificates, but I'll 
> ask the X.509 team at Isode about that, and other interesting failure cases 
> we might want to test.

Easiest might be to have one of the CAs running with a day-off clock. 
Another to-be-tested thing would be the proper handling of revoked certs 
via CRLs.

-- 
   Bruce.



More information about the Summit mailing list