Re: SSL sans RSA

EKR (ekr@rtfm.com)
20 Feb 1999 22:58:22 -0800

• Next message: Andrew Meredith: "ASN.1 vs Binary (was: SSL sans RSA)"
• Previous message: James A. Donald: "Re: reflecting on RC4"
• In reply to: Alex Alten: "Re: reflecting on RC4"
• Next in thread: Michael F. Reusch: "Re: SSL sans RSA"

"James A. Donald" <jamesd@echeque.com> writes:
> At 04:17 PM 2/17/99 +0100, Martin Grap wrote:
> > Have a look at RFC 2459 (Internet X.509 Public Key
> > Infrastructure Certificate and CRL Profile). The document
> > describes object-Id's and other ASN.1 stuff for algorithms
> > different from RSA when used in X.509 cetificates.
>
> Warning: I have heard numerous complaints that ASN.1 sucks
> mightily--not that I understand the complaints or am
> competent to judge them.
Since any SSL implementation needs to parse ASN.1 certificates,
anyone who's implementing SSL has already bought into ASN.1.

The incremental effort to add the support for the ASN.1 for
DSA keys is trivial.

-Ekr
[Eric Rescorla ekr@rtfm.com]

• Next message: Andrew Meredith: "ASN.1 vs Binary (was: SSL sans RSA)"
• Previous message: James A. Donald: "Re: reflecting on RC4"
• In reply to: Alex Alten: "Re: reflecting on RC4"
• Next in thread: Michael F. Reusch: "Re: SSL sans RSA"