[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encoding an X.509 certificate

To: Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
Subject: Re: encoding an X.509 certificate
From: "Timothy J. Miller" <tmiller@xxxxxxxxx>
Date: Wed, 12 Nov 2008 09:31:26 -0600
Cc: DPKemp@xxxxxxxxxxxxxx, ietf-pkix@xxxxxxx
In-reply-to: <E1Kyi83-0001TX-7W@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <E1Kyi83-0001TX-7W@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.17 (Windows/20080914)

Peter Gutmann wrote:

If you follow the spec in this regard you get 100% unreliability, not
reliability - your PKI application when shipped will break repeatedly whenever
it encounters a non-DER certificate, while everything else will work just
fine.  So "X.509 dogma" is for X.509 dogmatists and pretty much no-one else.


Postel's Law, anyone?  :)

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: encoding an X.509 certificate
  - From: Tom Gindin

References:
- RE: encoding an X.509 certificate
  - From: Peter Gutmann

Prev by Date: Agenda uploaded
Next by Date: Re: encoding an X.509 certificate
Previous by thread: RE: encoding an X.509 certificate
Next by thread: Re: encoding an X.509 certificate
Index(es):
- Date
- Thread