Alain, The syntax and semantics for certificates are in an appendix to the Autokey ID now in review. That document also explains some additional assumptions that might not be consistent with other uses. However, the trusted certificate (TC) scheme is most vanilla and should not be a problem. One problem I anticipate is the need to support the case of the certificate for the trusted host itself and the public IFF group key, which require an X509 extension field.
Dave Bartholome, Alain wrote: >Hi, > >I need to do some testing with certificates produced by a third party PKI >instead of ntp-keygen. > >I would like to have the constraints and some guidelines in order to test >TC and IFF identity schemes. > >Regards, > > > >Alain BARTHOLOMÉ > > > > > > > > > >_______________________________________________ >questions mailing list >[email protected] >https://lists.ntp.org/mailman/listinfo/questions > > _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
