I did want to interject that using something like DER can be a real pain, but as long as it is also human readable then I won't complain :)
Thomas S. Hatch | Founder, CTO
5272 South College Drive, Suite 301 | Murray, UT 84123
[email protected] | www.saltstack.com <http://saltstack.com/>

On Fri, Oct 11, 2013 at 8:22 AM, Pieter Hintjens <[email protected]> wrote:

> OK, so I'm taking the SSH2 format, more or less, and expanding on that
> to make something that covers our needs. I'll post a proposal shortly
> (was going to do it this morning but got sidetracked installing Ubuntu
> onto an old laptop).
>
> On Fri, Oct 11, 2013 at 2:15 PM, T. Linden <[email protected]> wrote:
>
>>> I'd rather have a single format for all variants. It means one parser.
>>
>> One more point: You're talking about parsers, because one of the
>> objectives is to have a format recognizable by humans like the one
>> proposed by Tony. That's a good idea but it has a drawback: if it's
>> readable by humans it's editable by humans as well. A parser for it has
>> to be very robust therefore.
>>
>> So, why not use something easily recognizable by software, encoding it
>> with something like DER and putting the same information in human
>> readable form into the cert as well.
>>
>> Eg:
>>
>> -----BEGIN CURVE CERTIFICATE BLOCK-----
>> email: foo@bar
>> oid: CN=foo.bar/ORG=blah
>> public-key: "<0<Q15Hu+:}DlM9>W@$k:IPzurEqX4+N1<$@uczj"
>>
>> IyAgICoqKiogIEdlbmVyYXRlZCBvbiAyMDEzLTA5LTI5IDAwOjMzOjIwIGJ5IENa
>> TVEgICoqKioKIyAgIFplcm9NUSBDVVJWRSBQdWJsaWMgQ2VydGlmaWNhdGUKIyAg
>> IEV4Y2hhbmdlIHNlY3VyZWx5LCBvciB1c2UgYSBzZWN1cmUgbWVjaGFuaXNtIHRv
>> IHZlcmlmeSB0aGUgY29udGVudHMKIyAgIG9mIHRoaXMgZmlsZSBhZnRlciBleGNo
>> YW5nZS4gU3RvcmUgcHVibGljIGNlcnRpZmljYXRlcyBpbiB5b3VyIGhvbWUKIyAg
>> IGRpcmVjdG9yeSwgaW4gdGhlIC5jdXJ2ZSBzdWJkaXJlY3RvcnkuCgptZXRhZGF0
>> YQogICAgbmFtZSA9ICJrIgogICAgYWVzMjU2LWVuY3J5cHRlZC1zZWNyZXQgPSAi
>> ZGlzYWJsZWQiCiAgICBvcmcgPSAieCIKICAgIGVtYWlsID0gImEiCmN1cnZlCiAg
>> ICBwdWJsaWMta2V5ID0gIjwwPFExNUh1Kzp9RGxNOT5XQCRrOklQenVyRXFYNCtO
>> MTwkQHVjemoiCg==
>> -----BEGIN CURVE CERTIFICATE BLOCK-----
>>
>> A parser would then just ignore the human-readable stuff and only use
>> the encoded content. So, if someone edits the stuff, it doesn't matter
>> and will not make the certificate invalid.
>>
>> Of course such a solution would require users to use a tool to maintain
>> certificates. But it doesn't work without a tool anyway, since the
>> keypairs cannot be created "by hand".
>>
>> best regards,
>> Tom
>>
>> --
>> PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt
>> S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem
>> Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> [email protected]
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
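The "parser ignores the human-readable part and trusts only the encoded part" idea from Tom's proposal, as an added example that is not code from the thread or from CZMQ. It assumes (for brevity) a base64 payload of plain `key = "value"` text as a stand-in for DER, and adds the check a deployer would want: reporting which human-readable lines have been edited so they no longer match the authoritative encoded fields.

```python
import base64
import re

BEGIN = "-----BEGIN CURVE CERTIFICATE BLOCK-----"
END = "-----END CURVE CERTIFICATE BLOCK-----"


def make_block(fields):
    """Emit the proposed layout: human-readable 'key: value' lines, then a
    base64 payload carrying the same fields as 'key = "value"' text.
    (Constructed stand-in for the DER payload; not a CZMQ API.)"""
    readable = "\n".join(f"{k}: {v}" for k, v in fields.items())
    payload = "".join(f'{k} = "{v}"\n' for k, v in fields.items()).encode()
    return f"{BEGIN}\n{readable}\n\n{base64.encodebytes(payload).decode()}{END}\n"


def parse_block(text):
    """Return (readable, encoded). Only 'encoded' is authoritative; the
    readable lines are parsed solely so that hand edits can be reported."""
    if BEGIN not in text or END not in text:
        raise ValueError("missing certificate block markers")
    body = text.split(BEGIN, 1)[1].split(END, 1)[0]
    readable, b64 = {}, []
    for line in body.splitlines():
        if ": " in line:                      # base64 alphabet has no ':'
            k, v = line.split(": ", 1)
            readable[k.strip()] = v.strip()
        elif line.strip():
            b64.append(line.strip())
    payload = base64.b64decode("".join(b64), validate=True).decode()
    encoded = dict(re.findall(r'^(\S+) = "(.*)"$', payload, re.M))
    return readable, encoded


def drift(readable, encoded):
    """Keys whose human-readable value no longer matches the encoded one."""
    return sorted(k for k in encoded if k in readable and readable[k] != encoded[k])


if __name__ == "__main__":
    # Constructed sample reusing the field names from Tom's example block.
    block = make_block({"email": "foo@bar", "oid": "CN=foo.bar/ORG=blah",
                        "public-key": "<0<Q15Hu+:}DlM9>W@$k:IPzurEqX4+N1<$@uczj"})
    edited = block.replace("email: foo@bar", "email: someone@else")
    readable, encoded = parse_block(edited)
    print("trusted fields:", encoded)                      # email is still foo@bar
    print("hand-edited keys:", drift(readable, encoded))   # ['email']
```

Because the trusted values come only from the decoded payload, the hand edit is harmless to the certificate itself, but `drift` lets a tool warn that the file's readable part is now misleading.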
