OK, so I'm taking the SSH2 format, more or less, and expanding on that to make something that covers our needs. I'll post a proposal shortly (was going to do it this morning but got sidetracked installing Ubuntu onto an old laptop).
On Fri, Oct 11, 2013 at 2:15 PM, T. Linden <[email protected]> wrote:
>> I'd rather have a single format for all variants. It means one parser.
>
> One more point: You're talking about parsers, because one of the
> objectives is to have a format recognizable by humans like the one
> proposed by Tony. That's a good idea but it has a drawback: if it's
> readable by humans it's editable by humans as well. A parser for it has
> to be very robust therefore.
>
> So, why not use something easily recognizable by software, encoding it
> with something like DER and putting the same information in human
> readable form into the cert as well. E.g.:
>
> -----BEGIN CURVE CERTIFICATE BLOCK-----
> email: foo@bar
> oid: CN=foo.bar/ORG=blah
> public-key: "<0<Q15Hu+:}DlM9>W@$k:IPzurEqX4+N1<$@uczj"
>
> IyAgICoqKiogIEdlbmVyYXRlZCBvbiAyMDEzLTA5LTI5IDAwOjMzOjIwIGJ5IENa
> TVEgICoqKioKIyAgIFplcm9NUSBDVVJWRSBQdWJsaWMgQ2VydGlmaWNhdGUKIyAg
> IEV4Y2hhbmdlIHNlY3VyZWx5LCBvciB1c2UgYSBzZWN1cmUgbWVjaGFuaXNtIHRv
> IHZlcmlmeSB0aGUgY29udGVudHMKIyAgIG9mIHRoaXMgZmlsZSBhZnRlciBleGNo
> YW5nZS4gU3RvcmUgcHVibGljIGNlcnRpZmljYXRlcyBpbiB5b3VyIGhvbWUKIyAg
> IGRpcmVjdG9yeSwgaW4gdGhlIC5jdXJ2ZSBzdWJkaXJlY3RvcnkuCgptZXRhZGF0
> YQogICAgbmFtZSA9ICJrIgogICAgYWVzMjU2LWVuY3J5cHRlZC1zZWNyZXQgPSAi
> ZGlzYWJsZWQiCiAgICBvcmcgPSAieCIKICAgIGVtYWlsID0gImEiCmN1cnZlCiAg
> ICBwdWJsaWMta2V5ID0gIjwwPFExNUh1Kzp9RGxNOT5XQCRrOklQenVyRXFYNCtO
> MTwkQHVjemoiCg==
> -----BEGIN CURVE CERTIFICATE BLOCK-----
>
> A parser would then just ignore the human-readable stuff and only use
> the encoded content. So, if someone edits the stuff, it doesn't matter
> and will not make the certificate invalid.
>
> Of course such a solution would require users to use a tool to maintain
> certificates. But it doesn't work without a tool anyway, since the
> keypairs cannot be created "by hand".
>
> best regards,
> Tom
>
> --
> PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
> S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
> Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC
>
> _______________________________________________
> zeromq-dev mailing list
> [email protected]
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
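
The block layout proposed in the quoted mail, as an added example that is not part of the original thread or of CZMQ: a parser that trusts only the base64 section and ignores the human-readable header, and that additionally reports header fields that disagree with the encoded content (a check the mail does not propose). The END marker line, the `key: value` payload encoding and all function names are assumptions; the sample data is constructed.

```python
import base64
import binascii

BEGIN = "-----BEGIN CURVE CERTIFICATE BLOCK-----"
END = "-----END CURVE CERTIFICATE BLOCK-----"  # assumed closing marker


def _fields(text):
    """Parse 'key: value' lines into a dict, stripping optional quotes."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # keys may contain ':' in values
        if sep and key.strip():
            out[key.strip()] = value.strip().strip('"')
    return out


def parse_block(text):
    """Return (trusted_fields, mismatched_header_keys) for one block.

    Only the base64 section after the first blank line is trusted; the
    human-readable header is compared against it but never used.
    """
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END marker")
    body = lines[1:-1]
    if "" not in body:
        raise ValueError("no blank line separating header from payload")
    split = body.index("")
    header = _fields("\n".join(body[:split]))
    b64 = "".join(ln.strip() for ln in body[split + 1:])
    try:
        payload = base64.b64decode(b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("payload is not valid base64/UTF-8") from exc
    trusted = _fields(payload)  # assumed payload encoding: key: value lines
    mismatched = sorted(k for k, v in header.items() if trusted.get(k) != v)
    return trusted, mismatched


def make_block(fields, shown=None):
    """Build a constructed sample block; `shown` overrides the visible header."""
    text = "".join(f"{k}: {v}\n" for k, v in fields.items())
    b64 = base64.b64encode(text.encode()).decode()
    wrapped = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    head = [f"{k}: {v}" for k, v in (shown or fields).items()]
    return "\n".join([BEGIN, *head, "", *wrapped, END])
```

An edited header leaves the parsed fields unchanged, but the mismatch list lets a tool warn that what a human reads in the file is no longer what the software will use.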
