X.509 certificate tests

X.509 certificate tests

[Casey Marshall]

Hi,

I've repackaged the implementation of the PKITS [1] test suite I wrote
for the X.509 implementation I have been working on (and, might be
putting into Classpath) for Mauve.

The test tarball is quite large, as it contains a great many example
certificates and CRLs, so I have posted it here instead of to this
list:

  <http://metastatic.org/source/pkits.tar.bz2>

-- 
Casey Marshall || csm@gnu.org

[1] http://csrc.nist.gov/pki/testing/x509paths.html

Re: X.509 certificate tests

[Tom Tromey]

Casey> I've repackaged the implementation of the PKITS [1] test suite I wrote
Casey> for the X.509 implementation I have been working on (and, might be
Casey> putting into Classpath) for Mauve.

Is this something that would fit into the existing mauve approach?  If
not we can always make a new module in cvs.

Hmm, I see you don't have mauve write access.  Let's change that.

Tom

Re: X.509 certificate tests

[Casey Marshall]

>>>>> "Tom" == Tom Tromey <tromey@redhat.com> writes:

Casey> I've repackaged the implementation of the PKITS [1] test suite
Casey> I wrote for the X.509 implementation I have been working on
Casey> (and, might be putting into Classpath) for Mauve.

Tom> Is this something that would fit into the existing mauve
Tom> approach?  If not we can always make a new module in cvs.

I don't see why not; all of the tests are very simple, and follow the
same pattern: parse some certificates, give them to the
CertPathValidator, and get a "yes" or "no" answer at the end.

The only really problematic part are the certificate data: they are
about 2.6M of binary goo. Any problem with including them?

-- 
Casey Marshall || csm@gnu.org

Re: X.509 certificate tests

[Tom Tromey]

Casey> The only really problematic part are the certificate data: they are
Casey> about 2.6M of binary goo. Any problem with including them?

As long as there are no legal issues I don't see a problem.  My copy
of mauve seems to be about 14M already, a few more megabytes won't
hurt.

Tom

Re: X.509 certificate tests

[Casey Marshall]

>>>>> "Tom" == Tom Tromey <tromey@redhat.com> writes:

Casey> The only really problematic part are the certificate data: they
Casey> are about 2.6M of binary goo. Any problem with including them?

Tom> As long as there are no legal issues I don't see a problem.  My
Tom> copy of mauve seems to be about 14M already, a few more megabytes
Tom> won't hurt.

The test suite was developed by the US government, so it is not
subject to copyright.

Parts were contracted out by the NSA, but it seems that they have
stated that the test files are freely redistributable [1].

-- 
Casey Marshall || csm@gnu.org

[1] http://cio.nist.gov/esd/emaildir/lists/pkits/msg00047.html

Re: X.509 certificate tests

[Mark Wielaard]

[-- Attachment #1: Type: text/plain, Size: 2037 bytes --]

Hi,

On Tue, 2004-10-26 at 19:58, Casey Marshall wrote:
> The test suite was developed by the US government, so it is not
> subject to copyright.
> 
> Parts were contracted out by the NSA, but it seems that they have
> stated that the test files are freely redistributable [1].

Please add the following text from that to the README:

        The test document and data were jointly developed by NIST and 
        DigitalNet.  Any contribution made to this project by NIST is covered by 
        Title 17 Section 105 of the United States Code which states that any 
        work developed by the United State Government is not subject to 
        copyright protection (see http://www4.law.cornell.edu/uscode/17/105.html).
        So, NIST's contributions to the test documentation and data are in the
        public domain.
        
        While DigitalNet's contributions to the documentation and data may be 
        subject to copyright, all of the work done by DigitalNet on this project 
        was done under contract for NSA.  So, it would be up to NSA to decide 
        how DigitalNet's contributions to the project could be used.  In 
        response to your query, I asked DigitalNet about the use of the test 
        suite and received the following response:
        
            "V51 [of NSA] approved of the public release of the PKITS test data 
        and documents.  There are no restrictions regarding their redistribution."

when you add this data.

Although we are more relaxed about accepting contributions to Mauve than
with for example GNU Classpath (for which we require written
confirmation by all contributors) we still want to have a record who
contributed what when. This can be done in the ChangeLog and the README
file though. Even if it wouldn't be a very big disaster if we ever have
to remove a test from mauve we should try to prevent ever having to be
in such a situation and prevent any unclearity about the origins of any
of the tests.

Thanks,

Mark

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]