> I'm working on Network Time Security and the draft specification requires > RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).
You're a bit confused. 5280 is the cert/crl profile. Pkcs9, evolved into RFC 2985 I think. > How complete is OpenSSL's support for both of these standards? Better than some, worse than others. Nobody implements everything in those PKCS specifications (except maybe Peter Gutman). > And if it's not complete, what's missing (i.e. how much effort would be > needed to round it out)? Without knowing anything about the NTP specifications, my educated guess is that OpenSSL has almost everything you need to implement them. For IETF protocols, it generally does. /r$ -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org