[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

X.509



The recent discussion about X.509 seems to be missing the main (IMO) point.
Which is one of implementability. Speaking as someone who has managed to avoid
ASN.1 until around 6 months ago, I agree wholeheartedly with the difficulties
of using it as a tool. Some have argued that only a "tiny" subset of ASN.1 is
actually used but by the time you have included the extensions to X509v3 it
seems to me that the "tiny" subset is the one _not_ used by X509. Anyway, I'm
missing the main point now ... implementability. SSLeay appears to use around
12,000 lines of code for nothing but X509. This, by any standards, is an
absurd amount of code to need for such a simple thing. SSLeay's implementation
may not be the briefest; however, my own investigations indicate that a very
large number of lines of code will be required.

On the subject of how many pages of standards are required reading for X509,
people seem to have missed out all the cross-referenced standards. I have
all the ASN.1 docs, and all the X509 docs, however, I am not in a position to
produce code from these docs because vital data is absent. According to the
standards, I have to search the following (note - what I really have is
ISO/IEC 8824-1 etc., not X.208, so some of the cross-refs don't include the
Xnumbers):

ISO 8824-1 (X.208-1) (for example):
  ISO 2375 3166 6523 7498 8601 8822 8823 8825-1   ?
  X     ?    ?    ?    ?    ?    ?    ?     209  121

I could go through all 7 documents and make the list longer but I'm getting
bored.

In short, I'm very much in favour of a _simple_ certification scheme.

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.