Em 05-03-2009 22:55, David A. Cooper escreveu:
All,I have been asked to work on finding two independent implementations of every feature in RFC 5280 in order to support the process of advancing RFC 5280 to Draft Standard. I have been fairly successful so far, but there are a lot of features in RFC 5280 that need to be covered. So, this will likely be the first of many emails requesting help in finding implementations of certain features.So, please let me know if you are aware of any certificates that satisfy either of the following requirements:1) From Section 22.214.171.124 (Certificate Policies): An explicitText field includes the textual statement directly in the certificate. The explicitText field is a string with a maximum size of 200 characters. Conforming CAs SHOULD use the UTF8String encoding for explicitText, but MAY use IA5String. Conforming CAs MUST NOT encode explicitText as VisibleString or BMPString. The explicitText string SHOULD NOT include any control characters (e.g., U+0000 to U+001F and U+007F to U+009F). When the UTF8String encoding is used, all character sequences SHOULD be normalized according to Unicode normalization form C (NFC) [NFC].I have found several certificates that include a userNotice policy qualifier with explicitText, but every one of them encodes the explicitText as VisibleString.
I think this is due to the lack of support for UserNotices in UTF8String on older versions of Microsoft Internet Explorer (as far as I remember, IE6 still had this problem). As an example, the EJBCA software (http://www.ejbca.org) has a configuration to choose whether the UserNotice is encoded in UTF8String or BMPString.
2) From Section 126.96.36.199 (Authority Information Access): HTTP server implementations accessed via the URI SHOULD specify the media type application/pkix-cert [RFC2585] in the content-type header field of the response for a single DER encoded certificate....I have found several certificates that include an AIA extension with an id-ad-caIssuers access method with an HTTP URI that points to a single certificate, but none of the HTTP servers specify the media type as application/pkix-cert. Most specify the media type as application/x-x509-ca-cert and a few specify the media type as text/plain.Thanks in advance for any help you can give me locating certificates (and HTTP servers) that can be used to demonstrate the existence of implementations of these features.Dave
Description: S/MIME Cryptographic Signature