On Thu, 01 Nov 2001 18:13:59 GMT, Bob Lord <[EMAIL PROTECTED]> allegedly wrote:
>> Speaking of format, we need a way to import/export certificates in any
>> of the commonly acceptable formats!!! It would also be handy to be able
>> to do the same with key pairs.
>
> Which formats should we support? We currently support PKCS#12.

I'd like to be able to export the public portion of my key as an X.509 certificate in PEM format. That way, I can publish it on my web page.

Then we need the other bit - to be able to import someone else's certificate from that same PEM format. In this way, someone can take my cert, install it, and send me an encrypted mail. Currently, they have to contact me, ask for a signed message, and wait.

I'd also like to be able to export someone else's certificate that I have stored, in this format also. That way I can give a copy of the cert to a work colleague, to save us both obtaining it from a web page.

The option to include or exclude the complete certificate chain upon export may also be useful, but only really where the CA is not one of the pre-installed CAs.

PKCS#7 Certs-Only message sounds nice in theory, but I don't think it is any more useful than a signed message, although it may not hurt to support it. I recall that Netscape 4.7 recognised these messages, indicated that the message contained certificates and then wouldn't let you do anything with them. Understandable though if the cert chain didn't reach a trusted CA, but would be useful to allow an import if it does.

- Dave.
