> Bear Giles wrote:
> >
> > > To avoid duplication of code I'd say such concerns should be addressed
> > > either at the application level or on top of whatever OpenSSL plugin API
> > > is adopted.
> >
> > I think that would be a serious mistake. I'm specifically thinking
> > of something like the CA cert repository/JSP code in my postgresql
> > library - it's designed to be the store that's published to the world
> > as THE official repository for a CA. If it gets bad data stuffed into
> > it, the security of an entire organization can be quickly compromised.
> >
> What would you classify as "bad data" in this case?
A fake root cert and HTTPS certs. Then you do a DNS attack, the victims
get the blackhat HTTPS site but when they check the public cert
repository it comes back with a full cert chain. Ditto bad object
signing certs, bad S/MIME certs, etc.

Prime example: the bogus Microsoft cert Verisign issued a while back.
That's precisely the type of thing I have in mind. (I doubt Verisign
would use my postgresql extensions and these plugins, but a university
or midsized company might. Want to get a quick A average, or sidestep a
difficult course?)

> What I meant to say was that some checks are easier to perform outside
> the plugin and may be application specific.

I agree that some checks are easier to perform outside the plugin, but
my point is that sometimes a plugin may be designed for a specific role
that requires it be more aggressive about checking the data for itself.
"Weakest link in the chain" and all that.

> Is there some specific reason why the API should return a "key" at all
> and not just the certificate (or whatever) it corresponds to?

As I've mentioned elsewhere, Enterprise Java Beans. I know this is C,
not java, but it isn't hard to write a JNI layer to bind the two.... and
a lot of routine chores are a lot easier in java than in C.

There's also the issue of memory requirements. If your plugin is
covering the cert store for, oh, a major state university you may have
50,000+ certs in it. Do you really want the system to try to allocate
sufficient space to hold *that* response?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                             [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
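The check a published repository should do for itself, as an added Go example that is not code from this thread or from the OpenSSL plugin API under discussion: Go's crypto/x509 stands in for OpenSSL, and the Store type, the "Campus CA" name and the host name are constructed for the demo. A submitted cert is verified against the repository's own trust anchor before it is filed, an attacker's same-named CA and the cert it issued are both refused, and the caller gets back a small lookup key rather than the certificate itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

type Store struct{ roots *x509.CertPool; certs map[string]*x509.Certificate }

// Add is the plugin checking the data for itself: a cert signed by an attacker's
// look-alike CA (same name, different key) fails chain building and is never stored.
func (s *Store) Add(c *x509.Certificate) (string, error) {
	if _, err := c.Verify(x509.VerifyOptions{Roots: s.roots}); err != nil {
		return "", err
	}
	key := c.SerialNumber.String() // hand back a small lookup key, not the cert itself
	s.certs[key] = c
	return key, nil
}

// mintCert builds a constructed test cert for cn under parent (nil parent = self-signed root).
func mintCert(cn string, ku x509.KeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: new(big.Int).SetBytes(pub[:8]), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0, KeyUsage: ku} // serial: 8 key bytes
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer) // constructed input, errors ignored
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func Demo() (legitAccepted, rogueRejected bool) {
	root, rootKey := mintCert("Campus CA", x509.KeyUsageCertSign, nil, nil)
	leaf, _ := mintCert("www.example.edu", x509.KeyUsageDigitalSignature, root, rootKey)
	rogueRoot, rogueKey := mintCert("Campus CA", x509.KeyUsageCertSign, nil, nil)
	rogueLeaf, _ := mintCert("www.example.edu", x509.KeyUsageDigitalSignature, rogueRoot, rogueKey)
	store := &Store{roots: x509.NewCertPool(), certs: map[string]*x509.Certificate{}}
	store.roots.AddCert(root)
	_, errLeaf := store.Add(leaf)
	_, errRogueLeaf := store.Add(rogueLeaf)
	_, errRogueRoot := store.Add(rogueRoot) // the fake root itself is refused too
	return errLeaf == nil, errRogueLeaf != nil && errRogueRoot != nil
}
```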