PKITS.pdf

说明：  A certification path is an ordered list of certificates starting with a certificate issued by the relying party s trust root, and ending with the target certificate that needs to be validated. Certification path validation procedures are based on the algorithm supplied in ITU-T Recommendation X.509 and further defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3280. Certification path processing verifies the binding between the subject distinguished name and/or subject alternative name and the subject public key defined in the target certificate. The binding is limited by constraints, which are specified in the certificates that comprise the path, and inputs that are specified by the relying party. To ensure secure interoperation of PKI-enabled applications, the path validation must be done in accordance with the X.509 and RFC 3280 specifications. This document provides the test assertions and the test cases for testing path validation software against these specifications.