Re: [FORGED] Re: Machine- and human-readable format for root store information?

2017-07-02 Thread David Adrian via dev-security-policy
To be clear: I don't care what format the certificates are released in, I
am primarily interested in a reliable URL to download for each root store.
I personally will be converting them to OpenSSL-style PEM-encoded-DER to be
used with common X.509 libraries. I suspect others will also be interested
in this format, but I see no reason to bikeshed what PEM means.

On Sat, Jul 1, 2017 at 12:52 AM Peter Gutmann wrote:

> Peter Gutmann via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>
> >You keep using that word... I do not think it means what you think it
> does.
>
> "... what you think it means".  Dammit.
>
> Peter.
>
-- 
David Adrian
https://dadrian.io
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


Re: [FORGED] Re: Machine- and human-readable format for root store information?

2017-06-30 Thread Peter Gutmann via dev-security-policy
Peter Gutmann via dev-security-policy writes:

>You keep using that word... I do not think it means what you think it does.

"... what you think it means".  Dammit.

Peter.


Re: [FORGED] Re: Machine- and human-readable format for root store information?

2017-06-30 Thread Peter Gutmann via dev-security-policy
David Adrian via dev-security-policy writes:

>I'd like to see either a reliable URL to fetch that can be converted to PEM
>(i.e. what Microsoft does), or some API you can hit to the store (e.g. what
>CT does).

PEM.  You keep using that word... I do not think it means what you think it
does.  Technically speaking, PEM is the data format for Privacy Enhanced Mail,
usually applied to the ASCII wrapping for the binary data.  In practice, it's
used to denote OpenSSL's proprietary private-key format.  Neither of those
seem terribly useful for communicating trusted certificates.

If you do want a standard format for them that pretty much anything should
already be able to understand, why not use CMS/PKCS #7 certificate
sets/collections/chains?  Almost anything that deals with certs should already
be able to read those.  Sure, it won't do metadata, but for that you'll need
to spend three years arguing in a standards group and produce a 100-page RFC
that no-one can get interoperability on.  OTOH PKCS #7 works right now.

Peter.
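The two formats argued about in this thread, as an added example that is not part of either poster's message: the "PEM" David Adrian means (RFC 7468 style base64 wrapping of DER, one -----BEGIN CERTIFICATE----- block per root, 64-column lines) and the PKCS #7 / CMS certificate collection Peter Gutmann suggests (a degenerate SignedData, RFC 5652 section 5.2, with no signers and the roots in the certificates field). The code uses only the Python standard library, with a minimal DER TLV encoder and walker; the two "certificates" it bundles are constructed placeholder SEQUENCEs, not real X.509 certificates, since the container treats each certificate as an opaque DER blob and a real DER-encoded root can be dropped in unchanged.

```python
"""PEM wrapping of DER, and a PKCS #7 / CMS "certs-only" bundle, stdlib only.

Added example. SAMPLE_CERTS are constructed placeholders, not real certificates.
"""
import base64

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 id-signedData
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1 id-data


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, value):
    """One DER tag-length-value element (single-byte tags only)."""
    return bytes([tag]) + der_len(len(value)) + value


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def to_pem(der, label):
    """RFC 7468 textual encoding: base64 body wrapped at 64 columns."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def from_pem(text):
    """Return [(label, der), ...] for every PEM block in text (OpenSSL-style bundles)."""
    blocks, label, buf = [], None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            label, buf = line[11:-5], []
        elif line.startswith("-----END ") and label is not None:
            blocks.append((label, base64.b64decode("".join(buf))))
            label = None
        elif label is not None and line:
            buf.append(line)
    return blocks


def certs_only_pkcs7(certs):
    """Degenerate CMS SignedData (RFC 5652 s5.2): no content, no signers, only certificates.

    Strict DER orders SET OF elements by encoding; certificates are emitted in the
    order given, which is what common tooling produces for certs-only bundles.
    """
    signed_data = tlv(0x30,
                      tlv(0x02, b"\x01")                  # version 1
                      + tlv(0x31, b"")                    # digestAlgorithms: empty SET
                      + tlv(0x30, tlv(0x06, OID_DATA))    # encapContentInfo: id-data, no eContent
                      + tlv(0xA0, b"".join(certs))        # certificates [0] IMPLICIT CertificateSet
                      + tlv(0x31, b""))                   # signerInfos: empty SET
    # ContentInfo: contentType id-signedData, content [0] EXPLICIT SignedData
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed_data))


def extract_certs(pkcs7_der):
    """Walk a PKCS #7 SignedData and return each Certificate as its full DER TLV."""
    _, content_info, _ = read_tlv(pkcs7_der)
    tag, oid, pos = read_tlv(content_info)
    if tag != 0x06 or oid != OID_SIGNED_DATA:
        raise ValueError("not a SignedData ContentInfo")
    _, explicit0, _ = read_tlv(content_info, pos)
    _, signed_data, _ = read_tlv(explicit0)
    certs, pos = [], 0
    while pos < len(signed_data):
        tag, value, pos = read_tlv(signed_data, pos)
        if tag == 0xA0:  # certificates [0]; [1] would be crls
            p = 0
            while p < len(value):
                _, _, nxt = read_tlv(value, p)
                certs.append(value[p:nxt])
                p = nxt
    return certs


# Constructed placeholders standing in for DER-encoded root certificates.
SAMPLE_CERTS = [
    tlv(0x30, tlv(0x0C, b"constructed placeholder, not a real certificate, number 1")),
    tlv(0x30, tlv(0x0C, b"constructed placeholder, not a real certificate, number 2")),
]

if __name__ == "__main__":
    bundle = certs_only_pkcs7(SAMPLE_CERTS)
    print(to_pem(bundle, "PKCS7"))
    print("".join(to_pem(c, "CERTIFICATE") for c in extract_certs(bundle)))
```

Run as a script it prints the same two roots twice: once as a single -----BEGIN PKCS7----- block, once as the concatenated CERTIFICATE blocks OpenSSL-style bundles use. Both are lossless: the certificates come back byte-for-byte from either container, and neither carries any metadata (trust bits, constraints, distrust dates) about the roots, which is the point Peter concedes about PKCS #7.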