On Wed, 2016-11-23 at 15:21 +0100, Richard Levitte wrote: > In message <1479908025.8937.74.ca...@infradead.org> on Wed, 23 Nov 2016 > 13:33:45 +0000, David Woodhouse <dw...@infradead.org> said: > > dwmw2> On Wed, 2016-11-23 at 13:13 +0000, Salz, Rich wrote: > dwmw2> > > But, what I get from you is "what if a octet stream matches two > different > dwmw2> > > ASN.1 types? Is that it? > dwmw2> > > dwmw2> > Yes among others. How do you know it will *never* happen? > dwmw2> > dwmw2> Because if anyone tries to invent yet *another* ASN.1 form for storing > dwmw2> keys, I am going to personally visit them in the small hours and stick > dwmw2> a bat up their nightshirt? > > (let's keep the heat down, shall we?)
You're no fun :) > dwmw2> Hopefully we don't need to add completely new ones; we can use the > dwmw2> existing PKCS#8 and PKCS#12 containers for new things. > dwmw2> > dwmw2> But even if a new form is invented which is ambiguous with existing > dwmw2> forms, that's OK too. We don't support 'detection' of that new format > dwmw2> by its ASN.1 structure. It'll be PEM-only like the TSS blobs are unless > dwmw2> the type is explicitly specified. > > Errr... Now I'm confused. Wasn't that (explicit type spec) exactly > what you didn't want to see, no matter if the file was PEM or raw DER? I do not want to see it for *reasonable* file types which are in *common* use¹. Users should be able to just give the filename to the application, and expect it to Just Work. Invent something new and esoteric and stupid, and I don't care about that as much. I might have been joking about visiting you in the small hours, but I'm *not* going to tell applications that they have to accept your format automatically, and that they can't make users jump through hoops to explicitly specify it. -- dwmw2 ¹ And I'm still more than happy to take input on which file types meet that definition, and adjust my draft accordingly.
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
