On 2020-10-13 16:32, Ryan Sleevi wrote:
Jakob,
I had a little trouble following your mail, despite being quite familiar
with PEM, so hopefully you'll indulge me in making sure I've got your
criticisms/complaints correct.
Your objection to the text report is that RFC 7468 requires generators to
wrap lines (except the last line) at exactly 64 characters, right? That is,
the textual report includes the base-64 data with no embedded newlines, and
this causes your PEM decoder trouble, despite being able to easily inject
them programmatically after you download the file.
I was commenting on the /general/ usability of the reports mentioned in
the first message on this thread, by considering what naive parsers
would do upon reading the files. As I have no direct need to parse
these files, I have no actual parser failing to do so.
My comments fell in two categories:
1. The reports that contain /only/ PEM data. I argue that the
traditional format of concatenated PEM files (as used by e.g. the
openssl command line tool) without CSV embellishments would be
preferable, and that the reports in the latest post by Kathleen
lacked the PEM line wrapping while still containing CSV
artifacts.
2. The reports that contain other data in CSV format. I argue that
those reports would be more useful without in-field line breaks, thus
having the Base64 encoded certificates as long strings without PEM
embellishments. Goal is to make them traditional CSV files with one
record per line, commas only between fields and optional double quotes
around non-numerical field values. A sample parser would be awk, cut or
the perl command line option "-F,".
Simply viewing each report in a basic text viewer should make the
problematic format deviations clear.
I'm not sure I fully understand the CSV objection, despite having inspected
the file, so perhaps you can clarify a bit more.
Perhaps the simplest approach would be that you could attach versions that
look how you'd want.
Here are the top 3 lines of IncludedCACertificateWithPEMReport.csv
reformatted (but with extra line breaks every 68 chars for posting
purposes):
"Owner","Certificate Issuer Organization","Certificate Issuer Organ
izational Unit","Common Name or Certificate Name","Certificate Seri
al Number","SHA-256 Fingerprint","Subject + SPKI SHA256","Valid Fro
m [GMT]","Valid To [GMT]","Public Key Algorithm","Signature Hash Al
gorithm","Trust Bits","Distrust for TLS After Date","Distrust for S
/MIME After Date","EV Policy OID(s)","Approval Bug","NSS Release Wh
en First Included","Firefox Release When First Included","Test Webs
ite - Valid","Test Website - Expired","Test Website - Revoked","Moz
illa Applied Constraints","Company Website","Geographic Focus","Cer
tificate Policy (CP)","Certification Practice Statement (CPS)","Sta
ndard Audit","BR Audit","EV Audit","Auditor","Standard Audit Type",
"Standard Audit Statement Dt","PEM Info"
"AC Camerfirma, S.A.","AC Camerfirma SA CIF A82743287","http://www.
chambersign.org","Chambers of Commerce Root","00","0C258A12A5674AEF
25F28BA7DCFAECEEA348E541E6F5CC4EE63B71B361606AC3","BC2FD9EA61581CB2
2BB859690D61430E7D222D1119E8C41649B9B1D556D439A4","2003.09.30","203
7.09.30","RSA 2048 bits","SHA1WithRSA","Email","","","Not EV","http
s://bugzilla.mozilla.org/show_bug.cgi?id=261778","","Firefox 1","",
"","","","http://www.camerfirma.com","Spain","","https://www.camerf
irma.com/publico/DocumentosWeb/politicas/CPS_eidas_EN_1.2.12.pdf","
https://www.csqa.it/getattachment/Sicurezza-ICT/Documenti/Attestazi
one-di-Audit-secondo-i-requisiti-ETSI/2020-03-CSQA-Attestation-CAME
RFIRMA-rev-2-signed.pdf.aspx?lang=it-IT","https://bugzilla.mozilla.
org/attachment.cgi?id=8995930","","CSQA Certificazioni srl","ETSI E
N 319 411","2020.03.05","MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFAD
B/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyN
zQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UE
AxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA
5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIF
NBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub
3JnMSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG
9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRt
bunXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBm
pAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D
6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM30pQcakjJ
yfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyXroDclDZK9D7
ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1UdEwEB/wQIMA
YBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5vc
mcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooow
DgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGF
tYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdE
BjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGA
QUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJzaWduLm9yZy9jcHMvY2hhbWJlcnNyb290
Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNr
JpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfT
oSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s
+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrX
dx/nADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFu
zPu5ifdmA6Ap1erfutGWaIZDgqtCYvDi1czyL+Nw="
"AC Camerfirma, S.A.","AC Camerfirma S.A.","","Chambers of Commerce
Root - 2008","00A3DA427EA4B1AEDA","063E4AFAC491DFD332F3089B8542E94
617D893D7FE944E10A7937EE29D9693C0","849AD3279D9B805A288339468C41774
4AC1CE2758A6E283A446685384D5D6CD2","2008.08.01","2038.07.31","RSA 4
096 bits","SHA1WithRSA","Websites;Email","","","1.3.6.1.4.1.17326.1
0.14.2.1.2","https://bugzilla.mozilla.org/show_bug.cgi?id=406968",";
NSS 3.12.9","Firefox 4.0","https://server3ok.camerfirma.com","https
://server3.camerfirma.com","https://server3rv.camerfirma.com","","h
ttp://www.camerfirma.com","Spain","","https://www.camerfirma.com/pu
blico/DocumentosWeb/politicas/CPS_eidas_EN_1.2.12.pdf","https://www
..csqa.it/getattachment/Sicurezza-ICT/Documenti/Attestazione-di-Audi
t-secondo-i-requisiti-ETSI/2020-03-CSQA-Attestation-CAMERFIRMA-rev-
2-signed.pdf.aspx?lang=it-IT","https://www.csqa.it/getattachment/Si
curezza-ICT/Documenti/Attestazione-di-Audit-secondo-i-requisiti-ETS
I/2020-03-CSQA-Attestation-CAMERFIRMA-rev-2-signed.pdf.aspx?lang=it
-IT","https://www.csqa.it/getattachment/Sicurezza-ICT/Documenti/Att
estazione-di-Audit-secondo-i-requisiti-ETSI/2020-03-CSQA-Attestatio
n-CAMERFIRMA-rev-2-signed.pdf.aspx?lang=it-IT","CSQA Certificazioni
srl","ETSI EN 319 411","2020.03.05","MIIHTzCCBTegAwIBAgIJAKPaQn6ks
a7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlk
IChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXN
zKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS
4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4M
DgwMTEyMjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQH
EzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29
tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZm
lybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwM
DgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/
Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/
lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G07
2QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5
gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFH
cpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgv
MPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFi
C4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYe
r49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5
JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhjya6BXBg14JC7vjxPNyK
5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2EQIDAQABo4
IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCIG
8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEw
ga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJ
lc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3ND
MyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlc
nMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMC
AQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3k
uY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeH
xIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPa
YRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+
ekbURWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/V
U+I22mlaHFoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOq
xXnrN2pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD
6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG
tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTqjkt
k9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1DefhiYtU
U79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRgOGcEMeyP8
4LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ"
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
