On 22 June 2010 02:40, Manger, James H <[email protected]> wrote:
> Nat and Ben,
>
> >>>> In addition to Ben's questions, I have another. For X.509, you seem to
> >>>> be using DER. How do you express the entire certificate chain using
> >>>> DER?
> >>>> (With PEM, you can just concatenate ... )
> >>>
> >>> With DER you can concatenate, too, of course. There's also PKCS#n (for
> >>> some value of n which I forget ... 12?) which allows bundling of cert
> >>> chains.
> >>
> >> That's PKCS#12, I suppose. I was under the impression that PKCS#12
> >> includes the private key, though.
>
> A *.p7c file can be used to hold any number of certificates. It is a
> BER-encoded PKCS#7 value, now known as Cryptographic Message Syntax (CMS)
> standard [RFC 5652]. It is the ASN.1 syntax used for S/MIME signed email. If
> you only want to send certificates, just leave out the
> content-to-be-signed, and the signatures.

Ah, thanks, I thought there was something less kludgey than PKCS#12.

> Such a file can hold any number of certificates, including public-key
> certificates, attribute certificates, or other certificate formats.
>
> It can also hold CRLs and other revocation information (including OCSP
> responses as per draft-turner-additional-cms-ri-choices).
>
> CMS/PKCS#7 is better for this purpose than PKCS#12.
>
> --
> James Manger
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
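
The point made in the thread that DER certificates can simply be concatenated, shown as an added example that is not part of the original messages: each DER value carries its own length, so a receiver can split a chain without separators. The function names, `fake_cert`, and the sample bytes are constructed for illustration; the code checks DER framing only and does not parse or validate certificates.

```python
# Added example: DER values are self-delimiting (tag | length | content),
# so back-to-back certificates can be split without any separator.

def read_der_sequence(buf, offset=0):
    """Return (element_bytes, next_offset) for the DER SEQUENCE at offset."""
    if offset + 2 > len(buf):
        raise ValueError("truncated header")
    if buf[offset] != 0x30:  # an X.509 Certificate is an ASN.1 SEQUENCE
        raise ValueError("expected SEQUENCE tag 0x30 at offset %d" % offset)
    first = buf[offset + 1]
    pos = offset + 2
    if first < 0x80:  # short form: the byte is the length
        length = first
    elif first == 0x80:  # indefinite length exists in BER but is forbidden in DER
        raise ValueError("indefinite length is not valid DER")
    else:  # long form: low 7 bits count the length bytes that follow
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:  # DER demands the shortest encoding
            raise ValueError("non-minimal length encoding")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated content")
    return buf[offset:end], end

def split_der_chain(buf):
    """Split a buffer of back-to-back DER SEQUENCEs into a list of elements."""
    elements, offset = [], 0
    while offset < len(buf):
        element, offset = read_der_sequence(buf, offset)
        elements.append(element)
    return elements

def fake_cert(payload):
    """Constructed stand-in: wraps arbitrary bytes in a DER SEQUENCE header."""
    n = len(payload)
    if n < 0x80:
        return bytes([0x30, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x30, 0x80 | len(size)]) + size + payload

# Constructed sample "chain": one short-form and one long-form element.
SAMPLE_CHAIN = [fake_cert(b"\x02\x01\x01"), fake_cert(b"\x00" * 300)]

if __name__ == "__main__":
    for i, der in enumerate(split_der_chain(b"".join(SAMPLE_CHAIN))):
        print(i, len(der), der[:4].hex())
```

A BER-encoded *.p7c file may use indefinite lengths, which this DER-only splitter rejects by design.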
