Hal:
> >> I would like to push back on the idea of only supporting naked public keys. It
> >> is my understanding that common crypto libraries, e.g. OpenSSL, expect public
> >> keys to be in certificates and the coding to get them to accept a naked key as
> >> input is ugly. I don't think they care if the cert is self signed or even
> >> signed at all, it's just a format issue.

Joe:
> > Just doing the math yourself, from scratch, is pretty easy if you have the
> > bare key.  It's nigh-on trivial if you have a bigint library.  Solution:
> > don't use OpenSSL.  I propose we don't get bogged down in the certificate
> > problem for the moment.

Eric:
> Cryptographer's warning: do not do this. Hard hat area ahead.


I am with Eric here. I would like to explicitly state that I think it is NOT 
desirable to do anything which encourages people to do new implementations of 
crypto operations. The corollary is that the spec should specify objects in 
formats which make them easy to be passed as arguments to existing libraries, 
especially libraries which are likely to be present in the target environment.

Hal
_______________________________________________
woes mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/woes
