[Mono-devel-list] Mono anx X509 Certificates

Sebastien Pouliot spouliot at videotron.ca
Wed Jan 28 08:29:17 EST 2004


Hello Arthur,

> Is there any C# code that covers CMP (especially certificate revocation)
> or even OCSP?

I did implement an OCSP server using C# and an ASP.NET web application (more
than 2 years ago after my XKMS project). The bad news is that this isn't
open source. The good news is that the foundation of it, the ASN.1 class, is
open source and part of Mono (see Mono.Security assembly).

Note: Be aware that this is an ASN.1 class not an ASN.1 compiler! However
OCSP ASN.1 structures are simple to hand code.

> Are X509Certificates classes complete?

The X509Certificate class is "complete" as far as compatibility is required
with the .NET framework.

> I've read in the notes that Mono.Security assembly is supposed to be
> a better alternative than corlib (System.Security). Why is that?

X509Certificate isn't "complete" enough for many tasks. You couldn't create
an OCSP _client_ using it because OCSP requires you to hash parts of the
certificate that aren't available using the X509Certificate class. I'm
unsure (without reading OCSP spec again) but I think you may be able to
write an OCSP responder using
System.Security.Cryptography.X509Certificates.X509Certificate.

Someday (well at least for .NET 1.2) we'll need a decent certificate path
discovery and validation (as the current embedded implementation in Mono is
VERY basic and only used for Authenticode). At this step it would be nice to
add OCSP (client) validation in addition to CRL. From what I'm told Longhorn
is supposed to have a built-in OCSP client (in CryptoAPI).

Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html


-----Original Message-----
From: mono-devel-list-admin at lists.ximian.com
[mailto:mono-devel-list-admin at lists.ximian.com]On Behalf Of Artur
Brodowski
Sent: 27 janvier 2004 09:33
To: mono-devel-list at ximian.com
Cc: spouliot at videotron.ca
Subject: [Mono-devel-list] Mono anx X509 Certificates


I need to implement a simple OCSP server and I was wondering if I could
do it with Mono (and maybe use webservices to distribute certificate
status in the future?). Are X509Certificates classes complete?
I've read in the notes that Mono.Security assembly is supposed to be
a better alternative than corlib (System.Security). Why is that?
Is there any C# code that covers CMP (especially certificate revocation)
or even OCSP?

regards,
artb.
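
Added example, not part of the original thread and not Mono's or either poster's code: the reply says OCSP ASN.1 structures are simple to hand code and that an OCSP client must hash parts of the certificate. The C# below hand-encodes the OCSP CertID structure (RFC 6960, section 4.1.1) in DER using only the base class library; the class and method names, the choice of SHA-1 and the sample values are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class OcspCertId // hypothetical name, added example
{
    // DER TLV: tag, definite length (short or long form), then the content.
    static byte[] Tlv(byte tag, params byte[][] parts)
    {
        var body = new List<byte>();
        foreach (byte[] p in parts) body.AddRange(p);
        var der = new List<byte> { tag };
        if (body.Count < 0x80) {
            der.Add((byte)body.Count);
        } else {
            var len = new List<byte>();
            for (int n = body.Count; n > 0; n >>= 8) len.Insert(0, (byte)n);
            der.Add((byte)(0x80 | len.Count));
            der.AddRange(len);
        }
        der.AddRange(body);
        return der.ToArray();
    }

    // issuerNameDer: complete DER of the issuer Name (tag and length included).
    // issuerKeyBits: the issuer's subjectPublicKey BIT STRING content, without
    //                the tag, length and unused-bits octet.
    // serialContent: content octets of the certificate's serialNumber INTEGER.
    public static byte[] Build(byte[] issuerNameDer, byte[] issuerKeyBits, byte[] serialContent)
    {
        using (SHA1 sha1 = SHA1.Create()) {
            // AlgorithmIdentifier { OID 1.3.14.3.2.26 (SHA-1), NULL }
            byte[] alg = Tlv(0x30,
                Tlv(0x06, new byte[] { 0x2B, 0x0E, 0x03, 0x02, 0x1A }),
                Tlv(0x05));
            return Tlv(0x30,
                alg,
                Tlv(0x04, sha1.ComputeHash(issuerNameDer)),  // issuerNameHash
                Tlv(0x04, sha1.ComputeHash(issuerKeyBits)),  // issuerKeyHash
                Tlv(0x02, serialContent));                   // serialNumber
        }
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real certificate.
        byte[] name = Tlv(0x30);            // empty Name, for illustration only
        byte[] key = { 0x01, 0x02, 0x03 };
        byte[] serial = { 0x01, 0x00, 0x01 };
        Console.WriteLine(BitConverter.ToString(Build(name, key, serial)));
    }
}
```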
