Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-21 Thread Sean Leonard
On 12/21/2014 8:33 AM, Kurt Roeckx wrote: On Sat, Dec 20, 2014 at 02:29:44PM +, Dr. Stephen Henson wrote: On Fri, Dec 19, 2014, Sean Leonard wrote: On Dec 19, 2014, at 11:35 AM, Kurt Roeckx wrote: On Fri, Dec 19, 2014 at 03:05:32PM +, Viktor Dukhovni wrote: On Fri, Dec 19, 2014 at

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-19 Thread Sean Leonard
On Dec 19, 2014, at 11:35 AM, Kurt Roeckx wrote: > On Fri, Dec 19, 2014 at 03:05:32PM +, Viktor Dukhovni wrote: >> On Fri, Dec 19, 2014 at 08:47:55AM -0500, Daniel Kahn Gillmor wrote: >> >>> Does OpenSSL have documented someplace exactly what it means to have a >>> "TRUSTED CERTIFICATE"? >>

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-19 Thread Sean Leonard
On 12/19/2014 5:47 AM, Daniel Kahn Gillmor wrote: On 12/18/2014 04:42 AM, Kurt Roeckx wrote: On Wed, Dec 17, 2014 at 08:34:52PM +0100, Erwann Abalea wrote: Le 17/12/2014 20:17, Viktor Dukhovni a écrit : On Wed, Dec 17, 2014 at 10:56:34AM -0800, Sean Leonard wrote: For reference for the

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-19 Thread Sean Leonard
On 12/18/2014 4:41 AM, Salz, Rich wrote: Are you trying to be proscriptive (say what people should use) or descriptive (document what is in use)? Yes, PKCS8-based PRIVATE KEY is better. But RSA PRIVATE KEY is in (wide) use and should be described. I am trying to be proscriptively descriptiv

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-17 Thread Sean Leonard
On 12/17/2014 11:04 AM, Salz, Rich wrote: Probably also worth documenting the legacy "RSA PRIVATE KEY" defined by openssl and used mainly in legacy pre-pkcs8 support There is a paragraph on "algorithm agility"; the legacy labels (like RSA PRIVATE KEY) are not mentioned because for interchange

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-17 Thread Sean Leonard
On 12/17/2014 10:00 AM, Dr. Stephen Henson wrote: On Wed, Dec 17, 2014, Sean Leonard wrote: #define PEM_STRING_PARAMETERS "PARAMETERS" (note, this label does not have any algorithms in it, so I presume it refers to some kind of generic parameter structure) It's use

Re: [openssl-dev] OpenSSL and certain PEM formats

2014-12-17 Thread Sean Leonard
On 12/17/2014 8:34 AM, Salz, Rich wrote: I am putting the finishing touches on an Internet-Draft for textual encodings of security structures, which OpenSSL refers to as the "PEM format". Cool. You know why it's called PEM format, rig

[openssl-dev] OpenSSL and certain PEM formats

2014-12-17 Thread Sean Leonard
Hi OpenSSL devs: I am putting the finishing touches on an Internet-Draft for textual encodings of security structures, which OpenSSL refers to as the "PEM format". While reviewing OpenSSL's behavior, I noticed a few esoteric labels

Request restoring 'uniqueIdentifier'

2013-10-27 Thread Sean Leonard
Hi OpenSSL devs: According to RFC 4524 (http://tools.ietf.org/html/rfc4524), the attribute 0.9.2342.19200300.100.1.44 for a unique identifier (as a DirectoryString) for an object has an official attribute descriptor of 'uniqueIdentifier'. At one point, OpenSSL may have supported uniqueIdenti

Request adding 'drink' to 'favouriteDrink' in objects.txt

2013-10-26 Thread Sean Leonard
Hi OpenSSL devs: According to RFC 4524 (http://tools.ietf.org/html/rfc4524), the attribute 0.9.2342.19200300.100.1.5 for a person's favorite drink has an official attribute descriptor of 'drink'. 'favouriteDrink' is marked as 'historic'. Can objects.txt be updated so that 'drink' is the shor

[openssl.org #2369] mail/rfc822Mailbox should be encoded as IA5String, not DirectoryString

2010-11-15 Thread Sean Leonard via RT
Bug Report OpenSSL 1.0.0 encodes the DN attribute rfc822Mailbox, also known as "mail", "MAIL", or 0.9.2342.19200300.100.1.3, as a DirectoryString (specifically, a TeletexString/T61String) when it contains characters such as the @ symbol. However, the RFCs on the topic (1274, 4524) are consis