> I'm working on Network Time Security and the draft specification requires
> RFC-5280 and -5652 formatting (i.e. pkcs#9 and pkcs#7).

You're a bit confused. 5280 is the cert/crl profile.  Pkcs9, evolved into RFC 
2985 I think.

> How complete is OpenSSL's support for both of these standards?

Better than some, worse than others.  Nobody implements everything in those 
PKCS specifications (except maybe Peter Gutman).

> And if it's not complete, what's missing (i.e. how much effort would be
> needed to round it out)?

Without knowing anything about the NTP specifications, my educated guess is 
that OpenSSL has almost everything you need to implement them. For IETF 
protocols, it generally does.

        /r$

--  
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to