Maybe It's Snake Oil All the Way Down

[Peter Gutmann]

Derek Atkins <derek at ihtfp.com> writes:

>Actually, the ASN.1 part is a major factor in the X.509 interoperability
>problems.  Different cert vendors include different extensions, or different
>encodings.  They put different information into different parts of the
>certificate (or indeed the same information into different parts).  Does the
>FQDN for a server cert belong in the DN or some extension?  What about the
>email address for a user cert?

That doesn't really have anything to do with ASN.1 though.  You can make just
as big a mess with XML (actually even bigger, in my experience), or EDIFACT,
or whatever.  The problem isn't the bit-bagging format, it's that it's
accumulated such a mass of cruft that no two people can agree on what to put
in there.  Whether the resulting mess is wrapped in ASN.1 or XML or EDIFACT or
plastic pooper scooper bags doesn't really make any difference.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com