Ives Steglich wrote: > Ives Steglich wrote: > >>Oliver Welter wrote: > > > another good resource for testing is: > http://wiki.cacert.org/wiki/VhostTaskForce > > they maintain also a compatiblity table in the wiki and i must say, it > looks quite good ;) i can remember the discussion on mozilla.crypto > newsgroup about that... and they took the results and put them together > online > there is taken RFC 2459 as a base, but there is a new one which obsoletes it - RFC 3280, the section about SANs hasn't changed so far.
Old Version http://www.ietf.org/rfc/rfc2459.txt New Version http://www.ietf.org/rfc/rfc3280.txt but there are some interesting new Details in reworked RFC: This specification obsoletes RFC 2459. This specification differs from RFC 2459 in five basic areas: * To promote interoperable implementations, a detailed algorithm for certification path validation is included in section 6.1 of this specification; RFC 2459 provided only a high-level description of path validation. * An algorithm for determining the status of a certificate using CRLs is provided in section 6.3 of this specification. This material was not present in RFC 2459. * To accommodate new usage models, detailed information describing the use of delta CRLs is provided in Section 5 of this specification. * Identification and encoding of public key materials and digital signatures are not included in this specification, but are now described in a companion specification [PKIXALGS]. * Four additional extensions are specified: three certificate extensions and one CRL extension. The certificate extensions are subject info access, inhibit any-policy, and freshest CRL. The freshest CRL extension is also defined as a CRL extension. * Throughout the specification, clarifications have been introduced to enhance consistency with the ITU-T X.509 specification. X.509 defines the certificate and CRL format as well as many of the extensions that appear in this specification. These changes were introduced to improve the likelihood of interoperability between implementations based on this specification with implementations based on the ITU-T specification. greetings dalini ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
