
RE: Displaying an X.509 certificate -Reply



I concur with the desirability of having a convenient way to display 
ALL of the contents of a certificate, even those private attributes
for which the syntax may not be known to a given application
program. 

But in addition to having a convenient and user-friendly (Unicode)
certificate dump program, it would also be extremely useful if
the major CA and CA tool developers would publish the standard
syntax and semantics of the certificates they are currently 
producing or plan to produce. I don't think vendors ought to have
to reverse-engineer certificate formats in order to display the 
contents within an application.

I'd like to specifically request that VeriSign and GTE CyberTrust 
provide some industry leadership in such an initiative.

Bob

>>> Peter Williams <peter@verisign.com> 11/21/96 10:40am >>>
This is a highly touchy subject!

For several legal reasons there are needs to "document"
a certificate. There is a formal notation system for
ASN.1 values, fortunately, as there are for
ASN.1 types. It's been my recommendation to
date that one uses this formalism as
it has international recognition, and therefore
a certain legal standing because of that
consensus, review, and voting procedure.

Whilst ASN.1 value notation may suit court proceedings, the particular
form, arguably, does not suit residential consumers - from
the perspective of their fully understanding what
is being presented. But, looking at EDI, SPKI, PGP and ASN.1
certs, I don't think any one of these forms will ever fit that bill, however.

Next. The world is no longer reduced to American ASCII character
sets, and in an international setting such as the
internet, any popular consumer format really has to embrace
multi-byte char sets, especially when these chars are used 
to signal people's names. ASN.1 has the benefit (and deliberate design) that
its value notation is flexible enough to present strings in
particular char sets natively (human readable form!), not in
encoded octet form.

I think it would be useful for PKIX to establish an Internet
presentation format for Internet PKI certs, which does not rely on encoding
forms. Elements of the above would all be useful as a starting point.

(It's worth noting that the legally-relevant EDI messaging and
trusted third-party msg delivery industry has not demonstrated
huge legal/consumer problems with its esoteric, highly-computer-centric
encoding and data presentation formats; but then it's not your residential
consumer who has very often been the intended recipient of the service)

Peter.

 
----------
From: 	denny@theory.lcs.mit.edu
Sent: 	Wednesday, November 20, 1996 6:44 PM
To: 	ietf-pkix@tandem.com
Subject: 	Displaying an X.509 certificate




Does anyone know where I can find a program that, given an X.509 certificate, will
display its fields and their values in some human-readable form?



Thanks,

Gillian Elcock
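
An added illustration of the kind of dump this thread asks for (not code from any poster, CA or vendor): a generic DER walker that shows every element, renders string types in their native character set, and falls back to hex for content whose syntax it does not know. The sample bytes are constructed, with the example OID arc 2.999 standing in for a private attribute; `read_tlv`, `oid_text`, `dump` and `tlv` are names chosen here.

```python
TEXT = {0x0C: "utf-8", 0x13: "ascii", 0x1E: "utf-16-be"}   # text tags -> codec
NAMES = {0x04: "OCTET STRING", 0x06: "OBJECT IDENTIFIER", 0x0C: "UTF8String",
         0x13: "PrintableString", 0x1E: "BMPString", 0x30: "SEQUENCE", 0x31: "SET"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag (not handled)")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give byte count
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def oid_text(content):
    arcs, value = [], 0
    for byte in content:                   # base-128, high bit = "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)          # first arc packs two components
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def dump(buf, depth=0):
    """Render every element: text natively, unknown primitives as hex."""
    lines, pos, pad = [], 0, "  " * depth
    while pos < len(buf):
        tag, content, pos = read_tlv(buf, pos)
        name = NAMES.get(tag, f"[tag 0x{tag:02x}]")
        if tag & 0x20:                     # constructed: recurse into children
            lines += [pad + name] + dump(content, depth + 1)
        elif tag == 0x06:
            lines.append(f"{pad}{name} {oid_text(content)}")
        elif tag in TEXT:
            lines.append(f'{pad}{name} "{content.decode(TEXT[tag], "replace")}"')
        else:                              # syntax unknown: still show the bytes
            lines.append(f"{pad}{name} {content.hex()}")
    return lines

def tlv(tag, content):                     # sample builder, short lengths only
    return bytes([tag, len(content)]) + content
# Constructed sample: a private attribute under example arc 2.999, then two names.
SAMPLE = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("883701")) +
                       tlv(0x04, bytes.fromhex("deadbeef"))) +
             tlv(0x0C, "José Müller".encode("utf-8")) + tlv(0x1E, "山田".encode("utf-16-be")))
```

Calling `print("\n".join(dump(SAMPLE)))` shows the nested structure with the two names as readable text and the private attribute's value as hex.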