c) the way issuances were requested, and the responses and issued certificates from the PKI.
- REFERENCE: ASS-REQ-6.4-04
- OBJECTIVE: Verify the PKI enables the Administrator to specify the set of acceptable values for the following fields and extensions:
- REFERENCE: ASS-REQ-6.4-04
a) the authority key identifier;
b) the algorithm identifier for the subject’s public/private key pair;
c) the identifier of the certificate issuer;
d) the length of time for which the certificate is valid.
- PREPARATION:
- Administrator access, to enable configuration.
- Ability to request a certificate issuance for the different identified circumstances.
- ACTIVITIES:
- Configure a set of acceptable values for each of the identified fields and extensions, which does not contain all possible values.
- For each way the PKI may issue a certificate:
- For each of the identified fields and extensions:
a) attempt to issue a certificate, where all fields and extensions have acceptable values except the one being verified;
b) verify the issuance to fail or to be impossible.
- VERDICT: SUCCESS if no certificate is issued; else FAIL.
- EVIDENCE:
a) The documentation of public-key certificate issuance circumstances;
b) The applied configuration of the identified fields and extensions;
c) the way issuances were requested, and the responses and issued certificates from the PKI.
- REFERENCE: ASS-REQ-6.4-05
- OBJECTIVE: Verify that the PKI requires the Administrator to specify the set of acceptable values for the fields and extensions identified in REQ-5.3-04.
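Review bot: The VERDICT of the new ASS-REQ-6.4-04 test only checks the rejection path ("SUCCESS if no certificate is issued"), so a PKI that refuses every request would pass without showing that the Administrator's configured values are honoured. Add a control step to ACTIVITIES in which all four fields and extensions carry acceptable values and issuance is expected to succeed, and make the verdict require both outcomes. That would also agree with EVIDENCE item c), which already expects "issued certificates" to be recorded even though a passing run, as written, issues none.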
@@ -1796,7 +1830,7 @@ REFERENCE: ASS-REQ-6.2-01
b) the way issuances were requested, and the responses from the PKI.
- REFERENCE: ASS-REQ-6.4-05
- REFERENCE: ASS-REQ-6.4-06
- OBJECTIVE: Verify the PKI marks the keyUsage, basicConstraints and certificatePolicies as critical in issued certificates.
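Review bot: Shifting this REFERENCE from ASS-REQ-6.4-05 to ASS-REQ-6.4-06 leaves ASS-REQ-6.4-05 attached to a different test, the "requires the Administrator to specify" objective in the previous hunk. Any earlier assessment report or cross-reference that cites the old number would then point at the wrong test without any visible error. Consider giving the new test the next free identifier in the 6.4 series instead of renumbering the existing ones, or include an old-to-new reference mapping with the change. The same applies to the 6.4-06 to 6.4-07 and 6.4-07 to 6.4-08 changes in the following hunks.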
@@ -1818,7 +1852,7 @@ REFERENCE: ASS-REQ-6.2-01
b) the way issuances were requested, and the responses and issued certificates from the PKI.
- REFERENCE: ASS-REQ-6.4-06
- REFERENCE: ASS-REQ-6.4-07
- OBJECTIVE: Verify the PKI disallows the keyUsage extension to offer both digital signature and encryption or key agreement capabilities.
@@ -1844,7 +1878,7 @@ REFERENCE: ASS-REQ-6.2-01
b) the way issuances were requested, and the responses and issued certificates from the PKI.
- REFERENCE: ASS-REQ-6.4-07
- REFERENCE: ASS-REQ-6.4-08
- OBJECTIVE: Verify the PKI ensures a prospective certificate subject possesses the private key that corresponds to the public key in the certificate request before issuing a certificate.