On 11/07/2012 11:32 AM, Ivan Shmakov wrote:
>       To put it short, the application in question uses
>       “self-certified identifiers”; i. e., the public key /is/ the
>       identifier of the peer.  Thus, there doesn't seem to be any
>       reason whatsoever to sign the public keys used, and both X.509
>       and OpenPGP hence become of little use.

Yes, understood.  Given the ubiquity of these certificate formats, the
simplest thing for you to do with your application is to treat the
certificate format as a (bulky, overcomplicated) container format for
your public key material.

Self-signed certificates (or even un-signed certificates with a bogus
signing mechanism) are perfectly capable of transporting public key
material.

        --dkg
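
The container approach described in the reply above, as an added example that is not part of the original message or of GnuTLS: a minimal DER walk that pulls the SubjectPublicKeyInfo out of a certificate, never examines the signature, and derives the peer identifier from the key alone. The SHA-256-over-SPKI identifier scheme, all function names, and the constructed sample certificate with its bogus signature are assumptions.

```python
import hashlib
import hmac

def read_tlv(buf, pos, limit):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > limit:
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > limit:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise ValueError("DER element overruns its container")
    return tag, pos, pos + length

def extract_spki(cert):
    """Return the SubjectPublicKeyInfo bytes; the signature is never examined."""
    tag, pos, end = read_tlv(cert, 0, len(cert))        # Certificate
    tbs_tag, pos, end = read_tlv(cert, pos, end)        # tbsCertificate
    fields = 6 if read_tlv(cert, pos, end)[0] == 0xA0 else 5
    for _ in range(fields):     # [0] version (optional), serial, sig alg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos, end)
    spki_tag, _, spki_end = read_tlv(cert, pos, end)
    if (tag, tbs_tag, spki_tag) != (0x30, 0x30, 0x30):
        raise ValueError("not an X.509 certificate")
    return cert[pos:spki_end]

def peer_id(cert):
    """Self-certified identifier: SHA-256 over the key, not over the certificate."""
    return hashlib.sha256(extract_spki(cert)).hexdigest()

def is_peer(cert, expected_id):
    return hmac.compare_digest(peer_id(cert), expected_id)

def der(tag, *parts):                       # encoder for the constructed sample only
    body = b"".join(parts)
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body

def sample_cert(pubkey, signature):         # constructed sample: empty names, Ed25519 OID
    alg = der(0x30, der(0x06, b"\x2b\x65\x70"))
    when = der(0x17, b"120101000000Z")
    spki = der(0x30, alg, der(0x03, b"\x00" + pubkey))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg,
              der(0x30), der(0x30, when, when), der(0x30), spki)
    return der(0x30, tbs, alg, der(0x03, b"\x00" + signature))
```

The identifier is only meaningful once the handshake has shown that the peer holds the private key matching the extracted public key; the certificate's signature contributes nothing to that check.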


_______________________________________________
Help-gnutls mailing list
Help-gnutls@gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
