[OGSA-AUTHZ] RFC 3280 path validation [Re: Implementations]
Alan Sill
Alan.Sill at ttu.edu
Tue Mar 25 14:03:19 CDT 2008
On Mar 22, 2008, at 4:44 AM, David Chadwick wrote:
> if you have followed a lot of the (old) discussions on the PKIX
> list about DN matching in certificates, you will see that a lot of PKI
> software vendors do plain string matching of DNs, rather than proper
> X.500/LDAP DN matching rules, so don't believe that passing certs
> instead of DNs will solve this problem. It won't. Only proper DN matching
> software will solve this, so it is irrelevant whether the DN is passed
> as a string or in a cert.
David et al.,
With respect to the point above, thought you might be interested in
the following link.
Topic:
PathFinder is designed to provide a mechanism for any program to
perform RFC3280-compliant path validation of X509 certificates, even
when some of the intermediate certificates are not present on the
local machine. By design, Pathfinder automatically downloads any such
certificates (and their CRLs) from the Internet as needed using the
AIA and CRL distribution point extensions of the certificates it is
processing.
Link:
http://code.google.com/p/pathfinder-pki/
Alan
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
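
The gap between plain string matching and rule-based DN comparison that the quoted text describes, as an added example that is not part of the original message or of PathFinder. It assumes every attribute value is PrintableString-like (compared case-insensitively with whitespace folded, per the RFC 3280 name comparison rules), handles only single-character backslash escapes in the RFC 4514 string form, and uses constructed DNs; all function names are hypothetical.

```python
import re

def _split(s, seps):
    """Split s on unescaped separator chars; a backslash escapes the next char."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair intact for now
            i += 2
            continue
        if s[i] in seps:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts

def _norm_value(v):
    # Assumption: value is PrintableString-like, so compare case-insensitively,
    # ignoring leading/trailing whitespace and runs of internal whitespace.
    v = re.sub(r"\\(.)", r"\1", v)      # single-char escapes only (no \2C hex form)
    return " ".join(v.split()).casefold()

def normalize_dn(dn):
    """Return a comparable form: ordered tuple of RDNs, each a set of AVAs."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = set()
        for ava in _split(rdn, "+"):    # multi-valued RDN: order is irrelevant
            typ, _, val = ava.partition("=")
            avas.add((typ.strip().casefold(), _norm_value(val)))
        rdns.append(frozenset(avas))
    return tuple(rdns)                  # RDN order is significant

def dn_equal(a, b):
    return normalize_dn(a) == normalize_dn(b)

# Constructed sample DNs (not taken from any real certificate)
ISSUED = "CN=Jane Doe,OU=HPCC,O=Example University,C=US"
PRESENTED = "cn=jane  doe, ou=hpcc, o=example university, c=us"
REORDERED = "OU=HPCC,CN=Jane Doe,O=Example University,C=US"

if __name__ == "__main__":
    print("string match:", ISSUED == PRESENTED)
    print("rule-based match:", dn_equal(ISSUED, PRESENTED))
    print("reordered RDNs match:", dn_equal(ISSUED, REORDERED))
```

A production comparison would work on the DER-encoded Name and take each value's ASN.1 string type into account, which the string form used here does not carry.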