> I'm working on Network Time Security and the draft specification requires
> RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).
You're a bit confused. 5280 is the cert/crl profile. Pkcs9, evolved into RFC
2985 I think.
> How complete is OpenSSL's support for both of these standards?
Better than some, worse than others. Nobody implements everything in those
PKCS specifications (except maybe Peter Gutman).
> And if it's not complete, what's missing (i.e. how much effort would be
> needed to round it out)?
Without knowing anything about the NTP specifications, my educated guess is
that OpenSSL has almost everything you need to implement them. For IETF
protocols, it generally does.
/r$
--
Principal Security Engineer, Akamai Technologies
IM: [email protected] Twitter: RichSalz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
