Hi,
First question is about Certificate Chain Validation and Certificate properties used in a traditional SET transaction.
How actually should an application validate a certificate chain? For example, after a certificate request message from Payment Gateway to its member merchant, merchant sends the X.509 v3 certificate to the merchant. That is OK. Do other certificates within the certificate chain (up to the root certificate, I mean) come with the certificate of merchant? How and where is this flow specified in the SET documents?
Second question is about the policy extensions that should be checked when validating a certificate. There are numerous checks in addition to Basic certificate checks, that are specified in Amendment 1 to X.509. For example:
1. Processing intermediate certificates,
2. Name Constraints,
3. Explicit policy indicator processing
4. Some other final processing steps...
Should a SET application that wants to be certified by SETCO process all of these steps which exist in the Amendment document but not found in SET Specification Books (1,2,3)?
Thank you in advance for your interest and help.
Regards.
