> I'd rather have a single format for all variants. It means one parser.
One more point: You're talking about parsers, because one of the objectives is to have a format recognizable by humans like the one proposed by Tony. That's a good idea but it has a drawback: if it's readable by humans it's editable by humans as well. A parser for it has to be very robust therefore. So, why not using something easily recognizable by software, encoding it with something like DER and putting the same information in human readable form into the cert as well. Eg: -----BEGIN CURVE CERTIFICATE BLOCK----- email: foo@bar oid: CN=foo.bar/ORG=blah public-key: "<0<Q15Hu+:}DlM9>W@$k:IPzurEqX4+N1<$@uczj" IyAgICoqKiogIEdlbmVyYXRlZCBvbiAyMDEzLTA5LTI5IDAwOjMzOjIwIGJ5IENa TVEgICoqKioKIyAgIFplcm9NUSBDVVJWRSBQdWJsaWMgQ2VydGlmaWNhdGUKIyAg IEV4Y2hhbmdlIHNlY3VyZWx5LCBvciB1c2UgYSBzZWN1cmUgbWVjaGFuaXNtIHRv IHZlcmlmeSB0aGUgY29udGVudHMKIyAgIG9mIHRoaXMgZmlsZSBhZnRlciBleGNo YW5nZS4gU3RvcmUgcHVibGljIGNlcnRpZmljYXRlcyBpbiB5b3VyIGhvbWUKIyAg IGRpcmVjdG9yeSwgaW4gdGhlIC5jdXJ2ZSBzdWJkaXJlY3RvcnkuCgptZXRhZGF0 YQogICAgbmFtZSA9ICJrIgogICAgYWVzMjU2LWVuY3J5cHRlZC1zZWNyZXQgPSAi ZGlzYWJsZWQiCiAgICBvcmcgPSAieCIKICAgIGVtYWlsID0gImEiCmN1cnZlCiAg ICBwdWJsaWMta2V5ID0gIjwwPFExNUh1Kzp9RGxNOT5XQCRrOklQenVyRXFYNCtO MTwkQHVjemoiCg== -----BEGIN CURVE CERTIFICATE BLOCK----- A parser would then just ignore the human-readable stuff and only use the encoded content. So, if someone edits the stuff, it doesn't matter and will not make the certificate invalid. Of course such a solution would require users to use a tool to maintain certificates. But it doesn't work without a tool anyway, since the keypairs cannot be created "by hand". best regards, Tom -- PGP Key: https://www.daemon.de/txt/tom-pgp-pubkey.txt S/Mime Cert: https://www.daemon.de/txt/tom-smime-cert.pem Bitmessage: BM-2DAcYUx3xByfwbx2bYYxeXgq3zDscez8wC -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev