Re: PKCS-12 Spec. History
Hi Peter,
Thank you so much.
You've listed (at least) 4 variations:
- pfx 0.20 = netscape original
- pkcs-12 draft = microsoft ie
- pkcs-12 final = microsoft and netscape
- pkcs-12 v1.0 = grand/unified
Which version of PKCS-12 we use (if any) is still up for discussion.
If we use anything other than v1.0, I suspect we'll have to dig up old copies of
the spec. from the RSA archives (or somewhere).
Best Regards,
--dg
Peter Gutmann wrote:
> Dale Gustafson <dale.gustafson@xxxxxxxx> writes:
>
> >Was there a PKCS-12 specification (earlier than v1.0) that documents what was
> >originally implemented by Netscape, Microsoft, and/or others? I can only find
> >one version on the RSA Labs site and it looks like the latest/greatest. I
> >recall the earlier version of PKCS-12 had no salt in the hashed password and
> >perhaps other anomalies.
>
> This area is a real mess, with multiple conflicting standards and variants.
> Netscape started with PFX 0.020 (which they called PKCS #12) only it wasn't
> pure PFX but had its own implementation quirks. Then there was a PKCS #12
> draft which was used in MSIE, then the final (MS) PKCS #12 used in newer MSIEs
> and Netscape, and finally the grand unified PKCS #12 on the RSA web site. In
> addition most of these versions came with a side order of small changes in the
> actual implementation to accommodate changes in export controls and people
> finding holes in existing mechanisms which were patched in release n+1. Unless
> you really need to be backwards-compatible with every imaginable old version
> and you really enjoy pain, I'd just go with the RSA PKCS #12 version.
>
> Peter.