ACP 185
ACP 185
ACP 185
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
UNCLASSIFIED<br />
<strong>ACP</strong> <strong>185</strong><br />
CHAPTER 3<br />
TECHNICAL INTEROPERABILTY TESTING<br />
OVERVIEW<br />
301. Prior to cross-certification of two NDPKIs, interoperability testing shall be<br />
conducted to analyse and validate the PKIs of the two CCEB partners so that standards<br />
compliance is ensured and to assess that basic PKI services perform as expected across<br />
multiple international domains and repositories.<br />
INTRODUCTION<br />
302. Technical interoperability activities between CCEB nations are intended to test<br />
cross-certificate path building and validation in a test environment prior to bilateral crosscertification<br />
between the operational CAs of the two NDPKIs. Subsequent testing will<br />
focus on establishing stable configurations to support common applications.<br />
PREREQUISITES<br />
Test Infrastructure<br />
303. Each CCEB Nation Participant shall have or establish a test infrastructure that is<br />
representative of their operational environment and is able to issue certificate requests,<br />
issue certificates, sign certificates, revoke certificates and provide the capability for<br />
partners to validate issued certificates.<br />
Certificate Profiles<br />
304. Certificate profiles shall be exchanged among the CCEB Nation Participants that<br />
address the population, or non-population, of the fields and extensions listed below to<br />
enable correct path discovery and validation:<br />
• Policy Object Identifiers (OID)<br />
• Policy OID mappings<br />
• Cryptographic Algorithms<br />
• Name constraints<br />
• Policy constraints<br />
• Basic constraints<br />
• Key usage and extended key usage<br />
• Authority Information Access (AIA)<br />
• Subject Information Access (SIA)<br />
• Subject name<br />
Uncontrolled copy when printed<br />
3-1<br />
UNCLASSIFIED