On 12/05/2017 23:45, Ryan Sleevi wrote:
On Fri, May 12, 2017 at 2:15 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

On 12/05/2017 20:43, Ryan Sleevi wrote:
On Fri, May 12, 2017 at 1:50 PM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

Could something be derived from / based on the ASN.1 format apparently
used by Microsoft in it's root store, with OpenSSL/Mozilla OIDs added
for things that have no Microsoft notation yet.


Why? It's a poor format.


Another starting point (if not the same) could be the "trusted
certificate" format that some openssl commands can generate.


Why? It's a poor format.

You missed that NSS already has these expressions in the form that is
appropriate for NSS. Why change?


The topic of this thread is to get the information in a format
appropriate for use in *other* libraries, such as OpenSSL or
BouncyCastle, both of which are used in Android.


I'm afraid that may be misstating things. The topic is to get the
information at all - which, in cases, it is made available in the NSS trust
DB.

How that is exported is something better suited for those applications, not
this list or discussion. The discussion here is whether that information is
consistently made available in the NSS trust DB (which has its own format)
at all.

I can see how those may be confusing, but hopefully with that clarification
you can understand the difference between discussing format versus
discussing functionality.


This SubThread (going back to Kurt Roeckx's post at 08:06 UTC) is about
suggesting a good format for sharing this info across libraries though.
Discussing that on a list dedicated to a single library (such as NSS or
OpenSSL) would be pointless.

I am trying not to be overly technical in my suggestions, using
descriptive names for the formats rather than going into bits bytes and
source code.




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to