beltzner wrote: > On 2/1/07, Gervase Markham <[EMAIL PROTECTED]> wrote: >> Not to my knowledge. Such a thing would be fantastic! > > What I was able to offer the W3C was: > > http://www.w3.org/2006/WSC/wiki/NoteMozillaCertificateValidationErrors > > But if someone could help me construct the workflow, that would be > great. Any takers?
This seems like a worthy goal. Mike, you're asking about NSS code. The folks who work on that all hang out in m.d.t.crypto. Your question would get more answers there, I think. So, I'm cross posting this to both groups. The page above cites 6 things that can be wrong in a cert chain. There are many MANY more than 6. A full flow chart would be Quite large. So I'm curious to know what level of detail you want. One could put a bunch of tests into a box that said "do a lot of tests" to simplify the chart, but would that defeat your purposes? We could also just list a bunch of tests without specifying any details, e.g. "check that key usage and extended key usage permit the intended use for which we want this cert." without making each one a separate decision point in the flow chart. I'm not volunteering to make a pretty flow chart, but I can definitely help fill in the text if someone else can do the artwork. -- Nelson B _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
