| <<< Chronological >>> | Author Index Subject Index | <<< Threads >>> |
|
Hi Do Duc Huy, Thanks for your response to our
mail. Hi all, For three interfaces (create,
request and view), they are well done in my test. But I have
some points need help to clarify here: - Can we select the range of
resource for each certificate?
In this state of testing, all certificate have same resource range and I can
not see any interface for select resource corresponding with certificate. At the moment, all resources
will be added to the certificate. Whether this will change in the future will
be a policy question. However, when signing your own resource certificate, i.e.
in the case of ROA’s, it will be possible to specify the range of resources.
Note, however, that ROA’s are currently not supported and will be added in a
future version. - There are only 5 fields in
resource certificate (Serial, Subject...), so I wonder if they are enough for
deploy resource certificate system? Because as I know, in global infrastructure
(http://tools.ietf.org/html/draft-ietf-sidr-arch-03)
there are many fields needed in certificate content At the moment, we don’t support
AIA and SIA fields, and we do not show the key usage. In the future we will
support these fields, but at the moment, they are not available in the system.
Are there any other fields you’re missing? - How to validate a certificate
that download from certtest Currently, there’s no easy way
to validate a certificate. This doesn’t mean it’s not possible, just that it’s
not easy to do out-of-the-box. OpenSSL 0.9.8e includes a patch which can
validate the RFC3779 extension. The patch, however, is disabled by default and
you have to manually enable it (probably by recompiling OpenSSL with the
‘enable-rfc3779’ flag, as described here: http://viewvc.hactrn.net/subvert-rpki.hactrn.net/openssl/README?revision=1676&view=markup)
I hope this answers your
questions, if you need more information, please let us know. Regards, Erik Pragt RIPE NCC From:
certtest-admin@localhost [mailto:certtest-admin@localhost] On Behalf Of Erik
Pragt Dear certification testers, As mentioned in the previous
update, the last month we’ve concentrated on delivering a test-ready system.
This version is now test-ready, and can be accessed by pointing your browser
to: This url contains the basic
interface of the RPKI, which is still in its early stages. Many of the
functionalities here will evolve over time, for which we really appreciate your
input and comments. You can log in by using the credentials
which will be send in an follow-up email shortly after this email. At this point you can use the
interface to: · create
a key pair · request
a resource certificate · view
resource certificates For your convenience we have made
a screencast that shows how to perform these tasks, which can be found here. Any feedback is highly
appreciated and can be given by sending an email to certtest@localhost ! Regards, Erik Pragt Software Developer at RIPE NCC |
| <<< Chronological >>> | Author Subject | <<< Threads >>> |