From: Alexandre D. <al...@co...> - 2003-03-18 22:23:33
On Sun, 16 Mar 2003, "Stormacq, Sébastien" wrote:

> Hello,
>
> > We have currently a discussion in order to store the key used by
> > OpenSST in the OpenSST format itself. This could reduce the code
> > complexity and ease the compatibility between the OpenSST
> > implementations.
> >
> > If you have any comments, strong feeling that is not required or
> > strong feeling that is required, please let me know.
>
> why not, We will automatically have key encryption and signature,
> this is cool.

Yes. The parser could be the same for everything. Without having an ASN.1 parser in the implementation ;-)

> However,
>
> 1) there are so many existing standards for storing key (PKCSnn series),
> why propose another one ?

Yes, but we have a big discussion with, for example, the PKCS#8 attributes for private keys. This is quite fixed and this is not really flexible for having a quite large private keyring. A simple solution would be to include an XML tree with a specific OpenSST type for storing the keys in a tree. Some testing will be published and I hope the subject will generate ideas (the liasit student is working on that).

> 2) IMHO, this is not protocol related, this is just a technique used by
> one implementation. This should not be a requirement for all
> implementations

This could be part of the "OpenSST : Security Consideration Documents". I need to publish the current status of the different documents (Message Format Description, Protocol Description and Security Consideration).

Secure Storing could be a requirement following the requirement of "customer"/user policy. This could be discussed in that document.

Have a nice night.

adulau

--
Alexandre Dulaunoy -- http://www.foo.be/
3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD --- AD993-6BONE
"People who fight may lose. People who do not fight have already lost."
Bertolt Brecht