RE: NAI pulls out the DMCA stick
While we are on the subject of issuing your own X.509 certificates:

1. How do you create an X.509 signing hierarchy?
2. Can you add additional algorithms (i.e. Twofish)?
3. Is a relevant developer reference available for X.509?

--- Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
... So issue your own. Honestly, why would anyone want to *pay* some random CA for this? ...
On Fri, May 24, 2002 at 12:07:48PM -0700, Curt Smith wrote:
While we are on the subject of issuing your own X.509 certificates:
1. How do you create an X.509 signing hierarchy?
Do a web search on "openssl certificate authority".
2. Can you add additional algorithms (i.e. Twofish)?
Yes, if the libraries you use support them. Note that Twofish, being a symmetric algorithm, would not be used in certificates. Public key and hashes only.
3. Is a relevant developer reference available for X.509?
X.509 is an ITU/T standard, which means, among other things, that they charge money for copies. You can find copies on the net though. Being ITU/T also means that the standard is written in a format and style that is designed to be as incomprehensible as possible. This keeps the professional meeting-goers who write these things from having to search for honest work. The documents get progressively less understandable over time, so it's best to start with the 1988 version.

PKCS#6 explains X.509 as well and is easier to understand. Peter Gutmann's X.509 Style Guide is quite comprehensible and also pretty funny after you have spent time trying to decipher X.509 or any other X.whatever standard. Peter also has a neat utility called dumpasn.1 which you will want if you start diddling X.509 certs.

OpenSSL is probably the most common library for doing cert stuff these days. Unfortunately the docs for OpenSSL are pretty much non-existent and the ASN.1 code is particularly difficult to understand.

Eric
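An added example, not part of the original thread or written by any of its participants: one way to build the signing hierarchy asked about in question 1 with the openssl command-line tool, using RSA-2048 and SHA-256 as the public-key and hash choices that answer 2 says a certificate carries. Subject names, lifetimes, file names and config section names are assumptions, and private keys are left unencrypted (`-nodes`) to keep the demonstration short.

```shell
#!/bin/sh
# Added example: root CA -> issuing CA -> end-entity certificate.
# Subject names, lifetimes and file names are constructed for illustration.
write_config() {    # $1 = path of the extension/config file to create
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_intermediate]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
}

# issue NAME ISSUER EXT_SECTION DAYS SUBJECT  (run inside the PKI directory)
# rsa:2048 and -sha256 fill the two algorithm slots a certificate has:
# a public-key algorithm and a hash. No symmetric cipher appears anywhere.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config pki.cnf \
        -keyout "$1.key" -out "$1.csr" -subj "$5" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -sha256 -days "$4" \
        -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -extfile pki.cnf -extensions "$3" -out "$1.crt" 2>/dev/null
}

build_hierarchy() {    # $1 = empty working directory
    ( cd "$1" || exit 1
      write_config pki.cnf
      # Self-signed root: the trust anchor relying parties install.
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -config pki.cnf -extensions v3_root -keyout root.key \
          -out root.crt -subj "/CN=Example Root CA" 2>/dev/null || exit 1
      issue intermediate root v3_intermediate 1825 "/CN=Example Issuing CA" || exit 1
      issue leaf intermediate v3_leaf 365 "/CN=host.example.test" )
}

chain_ok() {    # $1 = directory; true only if leaf chains to root via intermediate
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/intermediate.crt" \
        "$1/leaf.crt" >/dev/null 2>&1
}

if [ -n "${1:-}" ]; then build_hierarchy "$1" && chain_ok "$1" && echo "chain verifies"; fi
```

The `basicConstraints` lines are what make this a hierarchy rather than three unrelated certificates: only the root and the issuing CA may sign, and `pathlen:0` stops the issuing CA from creating further CAs beneath itself.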
On Fri, 24 May 2002, Eric Murray wrote:
3. Is a relevant developer reference available for X.509?
X.509 is an ITU/T standard, which means, among other things, that they charge money for copies. You can find copies on the net though.
Depending on how good your local library is, they may be able to get you a copy on interlibrary loan. I managed to get ahold of a copy of X9.19 that way. If ITU works anything like the ABA, they'll charge you about $4/page to get one of these from them (at least that's the rate X9.19 came to). PKCS and other online sources seem your best bet for this by far.

-J
participants (4)
- Curt Smith
- Dave Howe
- Eric Murray
- Jack Lloyd