Maybe It's Snake Oil All the Way Down

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jun 6 23:42:06 PDT 2003


Derek Atkins <derek at ihtfp.com> writes:

>Actually, the ASN.1 part is a major factor in the X.509 interoperability
>problems.  Different cert vendors include different extensions, or different
>encodings.  They put different information into different parts of the
>certificate (or indeed the same information into different parts).  Does the
>FQDN for a server cert belong in the DN or some extension?  What about the
>email address for a user cert?

That doesn't really have anything to do with ASN.1 though.  You can make just
as big a mess with XML (actually even bigger, in my experience), or EDIFACT,
or whatever.  The problem isn't the bit-bagging format, it's that it's
accumulated such a mass of cruft that no two people can agree on what to put
in there.  Whether the resulting mess is wrapped in ASN.1 or XML or EDIFACT or
plastic pooper scooper bags doesn't really make any difference.

Peter.




