On 11/07/2012 11:32 AM, Ivan Shmakov wrote:
> To put it short, the application in question uses
> “self-certified identifiers”; i. e., the public key /is/ the
> identifier of the peer. Thus, there doesn't seem to be any
> reason whatsoever to sign the public keys used, and both X.509
> and OpenPGP hence become of little use.

Yes, understood. Given the ubiquity of these certificate formats, the simplest thing for you to do with your application is to treat the certificate format as a (bulky, overcomplicated) container format for your public key material. Self-signed certificates (or even un-signed certificates with a bogus signing mechanism) are perfectly capable of transporting public key material.

--dkg
_______________________________________________
Help-gnutls mailing list
Help-gnutls@gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
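
The container approach described in the reply above, as an added example that is not part of the original thread and is not GnuTLS code: a receiver pulls the SubjectPublicKeyInfo out of an X.509 certificate and derives the peer identifier from it, never looking at the signature. Assumptions: all function names are hypothetical, the identifier is taken to be the hex SHA-256 of the SubjectPublicKeyInfo, the key type is Ed25519, and the sample certificate is constructed inline with empty names and a bogus signature.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def elements(buf: bytes):
    """Split a DER value into (tag, whole_element, content) triples."""
    out, off = [], 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, n, body = buf[off], buf[off + 1], off + 2
        if n & 0x80:                       # long-form length
            k = n & 0x7F
            n, body = int.from_bytes(buf[body:body + k], "big"), body + k
        if body + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[off:body + n], buf[body:body + n]))
        off = body + n
    return out

def spki_from_cert(cert: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo; the signature is never examined."""
    (tag, _, cert_body), = elements(cert)          # Certificate ::= SEQUENCE
    tbs = elements(elements(cert_body)[0][2])      # fields of tbsCertificate
    if tbs[0][0] == 0xA0:                          # optional [0] version
        tbs = tbs[1:]
    spki_tag, spki, _ = tbs[5]   # after serial, sigAlg, issuer, validity, subject
    if tag != 0x30 or spki_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    return spki

def peer_id(cert: bytes) -> str:
    return hashlib.sha256(spki_from_cert(cert)).hexdigest()  # assumed ID form

ALG = tlv(0x30, bytes.fromhex("06032b6570"))       # id-Ed25519, no parameters

def container_cert(pubkey: bytes, bogus_sig: bytes) -> bytes:
    """Constructed sample: minimal v3 cert, empty names, unverified signature."""
    spki = tlv(0x30, ALG + tlv(0x03, b"\x00" + pubkey))
    name, validity = tlv(0x30, b""), tlv(0x30, 2 * tlv(0x17, b"120101000000Z"))
    tbs = tlv(0x30, bytes.fromhex("a003020102020101")  # version v3, serial 1
              + ALG + name + validity + name + spki)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00" + bogus_sig))
```

Two certificates that carry the same key but different signature bytes map to the same identifier, so the application's own proof of key possession, not the certificate signature, is what authenticates the peer.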