W3C home > Mailing lists > Public > www-xkms@w3.org > October 2004

Re: Revised Test Cases

From: Guillermo Álvaro Rey <alvarorg@cs.tcd.ie>
Date: Wed, 13 Oct 2004 12:36:22 +0100
To: Tommy Lindberg <tommy.lindberg@gmail.com>
Cc: Yunhao Zhang <yzhang@sqldata.com>, www-xkms@w3.org
Message-Id: <1097667382.3038.127.camel@lamb.dsg.cs.tcd.ie>
Hi Tommy, Yunhao, all,

I had just updated the test collection site [1] with Yunhao's draft but
I would be happy to do the necessary changes before we actually begin to
exercise those. 

I agree with the approach of grouping messages together in the same
scenario (example: validate+register+validate). Regarding the "missing
tests" (as other revocation options) I think they can always be added
later on. About the shared secrets/passphrases I agree with you that we
wouldn't have to define the same secret for everyone.

Cheers,
 - -Guillermo

[1]
http://www.w3.org/2001/XKMS/Drafts/test-suite/CR-XKMS-test-suite.html#testcollection

El mi, 13-10-2004 a las 12:00, Tommy Lindberg escribi:

> Hi Yunhao -
> 
> Here are some comments and suggestions that came to mind up front:
> 
> 1)
> While I am personally OK with the approach, using XKISS messages to 
> verify that XKRSS operations have produced the expected results may
> exclude implementors that only intend implementing XKRSS, or portions
> thereof, from executing some tests.
> 
> 2)
> Assuming that XKISS messages are used to verify expected results of XKRSS
> requests, it may be more meaningful to incorporate the XKISS messages in the
> actual XKRSS test case as opposed to having them separately, using T101 as
> an example:
> 
>   - verify that binding-to-be-registered does not exist (Validate/Locate)
>   - attempt registration
>   - verify that binding-to-be-registered does exist (Validate/Locate)
> 
> 3)
> I suggest we use Identifier's and DN's that identify the entity acting as a
> client. This will make it easier to do partial purges and will also keep the
> result messages smaller.
> 
> 4)
> I am not in favor of using the same shared secret for everyone.  Not only is
> it not realistic, but it also allows for accidental inteference
> between individual
> testers.
> 
> 5)
> I'd like to see a way to identify the shared secret used in an HMAC signature. I
> propose using a KeyInfo.KeyName in the enclosing Signature element.
> 
> 6)
> There's no need to require a certain passphrase in a revocation
> operation based on a
> revocation code.  The client can choose this at his own discretion.  I'd like to
> see this disappear from T106 to avoid interference.
> 
> 7)
> T106 uses revocation by revocation code; I'd like to see the other two
> options exercised too
> 
>   - revoke by HMAC signature
>   - revoke by private key signature
> 
> 8)
> Shouldn't we mandate checking the optional ProofOfPosession in T101? And T104?
> 
> 9)
> How about registering/reissuing a DSA key?
> 
> 10)
> While not strictly required we might want to state the symmetric
> algorithm used in T103
> and T105.  Personally I (claim to) support all symmetric algorithms
> mentioned in the XML
> Encryption standard.
> 
> Regards
> Tommy
> 
> 
> 
> 
> On Tue, 12 Oct 2004 17:45:22 -0400, Yunhao Zhang <yzhang@sqldata.com> wrote:
> >  
> >   
> > Sorry I missed today's call. 
> >   
> > Attached is a set of revised test cases for XKRSS. As Stephen suggested, I
> > added several Validate tests to verify state changes. Comments or
> > suggestions are welcome. 
> >   
> > Regards, 
> >   
> > Yunhao 
> >   
> >
> 
Received on Wednesday, 13 October 2004 11:36:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:23 GMT