ITU-T recommendations for X.509v3 certificates
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Jul 5 08:37:49 EDT 2008
Florian Weimer <fw at deneb.enyo.de> writes:
>* Peter Gutmann:
>>>Or is it unreasonable to expect that the specs match what is actually needed
>>>for interoperability with existing implementations (mostly in the TLS, S/MIME
>>>area)?
>>
>> There is very little correspondence between PKI specs and reality.
>
>I should have written that my main goal was to extract the public key
>material, and perhaps the validity period. I want to use the
>certificates as interoperable public key containers,
That's the best way to use them. For one thing it doesn't create any mistaken
impression that setting a particular extension will have any useful effect
when the software at the other end sees it :-).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list