On Thu, Jan 23, 2003, Thomas Pornin wrote:

> Hello,
>
> 3. If there is no reference test suite available, should it be assumed
> that there exists no tested, and, therefore with high probability no
> correct, implementation of the certification path validation algorithm
> which handles the policy mappings and name constraints?

There was some debate about how some options in name constraints should be interpreted in the PKIX mailing lists not long ago. This suggests that "correct" may be subject to interpretation :-)

I've never seen a certificate with either name or policy constraints in the field or indeed privately. Examples would be useful to check out any future OpenSSL support for them.

Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/