RE: [certtest] Certification test portal ready for testing

  • From: "Erik Pragt" epragt@localhost
  • Date: Tue, 1 Jul 2008 15:56:20 +0200

Hi Do Duc Huy,

 

Thanks for your response to our mail.

 

Hi all,

For three interfaces (create, request and view), they are well done in my test. But I have some points need help to clarify here:

- Can we select the range of resource for each certificate? In this state of testing, all certificate have same resource range and I can not see any interface for select resource corresponding with certificate.

 

At the moment, all resources will be added to the certificate. Whether this will change in the future will be a policy question. However, when signing your own resource certificate, i.e. in the case of ROA’s, it will be possible to specify the range of resources. Note, however, that ROA’s are currently not supported and will be added in a future version.

 

- There are only 5 fields in resource certificate (Serial, Subject...), so I wonder if they are enough for deploy resource certificate system? Because as I know, in global infrastructure (http://tools.ietf.org/html/draft-ietf-sidr-arch-03) there are many fields needed in certificate content

 

At the moment, we don’t support AIA and SIA fields, and we do not show the key usage. In the future we will support these fields, but at the moment, they are not available in the system. Are there any other fields you’re missing?

 

- How to validate a certificate that download from certtest

 

Currently, there’s no easy way to validate a certificate. This doesn’t mean it’s not possible, just that it’s not easy to do out-of-the-box. OpenSSL 0.9.8e includes a patch which can validate the RFC3779 extension. The patch, however, is disabled by default and you have to manually enable it (probably by recompiling OpenSSL with the ‘enable-rfc3779’ flag, as described here: http://viewvc.hactrn.net/subvert-rpki.hactrn.net/openssl/README?revision=1676&view=markup)

 

I hope this answers your questions, if you need more information, please let us know.

 

Regards,

 

Erik Pragt

RIPE NCC

 

 


From: certtest-admin@localhost [mailto:certtest-admin@localhost] On Behalf Of Erik Pragt
Sent: 30 June 2008 16:04
To: certtest@localhost
Subject: [certtest] Certification test portal ready for testing

Dear certification testers,

 

As mentioned in the previous update, the last month we’ve concentrated on delivering a test-ready system. This version is now test-ready, and can be accessed by pointing your browser to:

 

                http://certtest.ripe.net

 

This url  contains the basic interface of the RPKI, which is still in its early stages. Many of the functionalities here will evolve over time, for which we really appreciate your input and comments.

 

You can log in by using the credentials which will be send in an follow-up email shortly after this email.

 

At this point you can use the interface to:

·         create a key pair

·         request a resource certificate

·         view resource certificates

 

For your convenience we have made a screencast that shows how to perform these tasks, which can be found here.

 

Any feedback is highly appreciated and can be given by sending an email to certtest@localhost !

 

Regards,

 

Erik Pragt

Software Developer at RIPE NCC