Richard Levitte <levi...@openssl.org> wrote: (23 November 2016 22:23:18 CET)
>
>
>David Woodhouse <dw...@infradead.org> wrote: (23 November 2016 19:42:29 CET)
>>On Wed, 2016-11-23 at 17:00 +0000, Salz, Rich wrote:
>>>
>>> > FWIW I am perfectly content for applications *not* to automatically work
>>> > with such keys. Making the user jump through extra hoops to use them
>>> > would be perfectly fine in my book.
>>>
>>> oh I see. "Users shouldn't care, it should just work" But only for some keys.
>>>
>>> Part of my I am opposed to guessing.
>>
>>For me it's the other way round. Magically detecting *that* particular
>>perfectly valid PKCS#1 RSA key is actually intended for the gem engine
>>would indeed be guessing. It's a bizarre abuse of PKCS#1 and it doesn't
>>seem reasonable for anyone to "guess" that without explicit direction.
>>
>>But for the sane and common cases of PKCS#1, PKCS#8, PKCS#12 and
>>similar files in both DER and PEM forms, for *those* it makes sense for
>>applications to Just Work. And it shouldn't really involve "guessing".
>
>I take that as "recognizing what we decide to support". And as has
>already been mentioned, we already do that with d2i_AutoPrivateKey.

That being said, though, your recommendation should probably specify (after discussing it) exactly what keys, certs and so on should be supported. Otherwise, everyone will have a slightly different idea of what's reasonable and you will end up in the same space as today...

Cheers
Richard

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev