> That's not the proposal.  The proposal is to use PEM form because we can
> make it uniquely self describing using the guard tags which obviates the
> problem above.

Well that's what you want.  David wants more than that :)
 
> On the larger issue of non-self describing formats like ASN.1: if your theory
> that there's a security hole by allowing opportunistic format detection is
> correct, simply making the user specify is palming our bug off on to the user
> and abdicating responsibility because now when they're tricked into an
> exploit they can be blamed not openssl.  If such a bug exists, doing
> opportunistic format detection is the better guarantor of overall system
> security because if such a bug is found, it would have to be fixed within
> openssl to everyone's benefit.

We differ.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
