On Fri, Oct 11, 2013 at 10:56 AM, Richard Barnes <r...@ipv.sx> wrote:
> I would note that the JSON Web Key [1] spec from the JOSE WG provides a
> similar, much simpler format than PKCS#12. Just have JWK Set with one
> public, unencrypted member, and one encrypted member:
>
> [
>   { "kty": "RSA", "n": "...", "e": "...", "x5c": "..." },
>   JWE({ "kty": "RSA", "n": "...", "e": "...", "d": "..." })
> ]
>
> Since software is going to have to change in any case to use a revised
> PKCS#12, I wonder if it might not be a better idea to ditch ASN.1 while
> we're at it.

Actually I had pretty much done that before making the post. I am actually sending PKCS#8 encrypted keys to the cloud.

But there is a value in being able to return a PKCS#12 which is that several programs and platforms will eat them as input and store the keys in the desired places. So for that it is a legacy compatibility issue. And so when I found the PKCS#12 docs to be basically unreadable, I had a problem.

As for getting rid of Assanine 1, I would love to get rid of it completely. But as a pragmatic matter, there is just too much ASN.1 already. I have even had to reluctantly write a key signing format in Assanine.1 because having the cert and key signing in different syntaxes is just too confusing.

--
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
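The two-member bundle sketched in the quoted message (a plain public JWK next to a JWE-wrapped private JWK), as an added example that is not part of the original thread. The thread does not say which JWE algorithms to use; `dir` with `A256GCM`, the 32-byte key-encryption key `kek`, and all function names here are assumptions of this example.

```javascript
// Added example (not from the thread): public JWK + JWE-wrapped private JWK.
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// JWE compact serialization (RFC 7516) with "dir" key management and A256GCM
// content encryption. The algorithm choice is an assumption of this example.
function jweEncrypt(obj, kek) {
  const header = b64u(JSON.stringify({ alg: 'dir', enc: 'A256GCM', cty: 'jwk+json' }));
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  cipher.setAAD(Buffer.from(header, 'ascii')); // AAD = ASCII(BASE64URL(header))
  const ct = Buffer.concat([cipher.update(JSON.stringify(obj), 'utf8'), cipher.final()]);
  // The encrypted-key field stays empty for "dir".
  return [header, '', b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

function jweDecrypt(compact, kek) {
  const parts = compact.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const [header, encKey, iv, ct, tag] = parts;
  const h = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  // Pin the expected algorithms instead of trusting whatever the header claims.
  if (h.alg !== 'dir' || h.enc !== 'A256GCM' || encKey !== '') throw new Error('unexpected JWE header');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, Buffer.from(iv, 'base64url'));
  d.setAAD(Buffer.from(header, 'ascii'));
  d.setAuthTag(Buffer.from(tag, 'base64url'));
  // final() throws if the tag, header or ciphertext was altered or the key is wrong.
  const pt = Buffer.concat([d.update(Buffer.from(ct, 'base64url')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns [ publicJwk, JWE(privateJwk) ], mirroring the sketch in the quote.
function buildKeyBundle(kek) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return [publicKey.export({ format: 'jwk' }), jweEncrypt(privateKey.export({ format: 'jwk' }), kek)];
}

function openKeyBundle(bundle, kek) {
  const [pub, wrapped] = bundle;
  const priv = jweDecrypt(wrapped, kek);
  // Reject a bundle whose encrypted member belongs to a different key.
  if (priv.kty !== pub.kty || priv.n !== pub.n || priv.e !== pub.e) throw new Error('private key does not match public member');
  return nodeCrypto.createPrivateKey({ key: priv, format: 'jwk' });
}
```

A deployment that protects the bundle with a passphrase would derive or wrap the key-encryption key instead of sharing it directly as `dir` does here.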