On the usual basis I'll start with a minimal plausible solution that covers the problems we have today. Solving theoretical problems tends to lead to making stuff we don't ever use...
On Fri, Oct 4, 2013 at 4:55 PM, Tom Cocagne <[email protected]> wrote: > The endpoints in my example address the specific problem of my not being > able to think up good examples of relevant metadata (midnight e-mails... you > know how it is ;-). > > One area that might warrant an initial RFC section would be for defining the > required minimum for validating a certificate chain. It probably shouldn't > be a mandatory field overall but it's one of those things that will be > continually re-invented unless there's already a good way to do it. Perhaps > something along the lines of the following: > > ========= > uuid: 9af3d710-e762-4cf4-a9cb-e5a5899bf3c8 > public_key: 81A...BF > > [zmq.rfc111] > may_sign_sub_certificates = False > > [signatures] > (dropping to JSON notation for nesting support) > { "zmq.rfc111", [ "a58af667-fca1-4bfc-90a7-f4653f6fc1af" : { > {"zmq.rfc111" : {"may_sign_sub_certificates" : true, "parent" : > ''d027128d-a0af-48a8-8dfd-65f9ea2e47b1", ...}}, > "d027128d-a0af-48a8-8dfd-65f9ea2e47b1" { ... } > ], > } > ========= > > > On Fri, Oct 4, 2013 at 2:39 AM, Pieter Hintjens <[email protected]> wrote: >> >> On Fri, Oct 4, 2013 at 7:13 AM, Tom Cocagne <[email protected]> wrote: >> >> > ==== Begin ZMQ Cert ==== >> > uuid: 9af3d710-e762-4cf4-a9cb-e5a5899bf3c8 >> > public_key: 81A...BF >> > [org.cocagne.home_network] >> > name: cool_zmq_app_server >> > webserver_port: 1234 >> > [zmq.rfc1034] >> > dns_name: org.cocagne.home_network.cool_zmq_app_server >> > http_port: 1234 >> > client_authentication_required: True >> > [signatures] >> > ... >> > ==== End ZMQ Cert ==== >> >> OK, this is great, and goes on my whiteboard as the first strawman for >> a certificate format. >> >> - begin/end markers so multiple certs can be sent in an email >> - unique UUID to... to allow unique identification >> - RFC-specific sections with defined fields >> >> What problem do the endpoint sections address? >> >> -Pieter >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
