[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
David Woodhouse
dwmw2 at infradead.org
Tue Nov 22 17:56:17 UTC 2016
On Tue, 2016-11-22 at 18:46 +0100, Richard Levitte wrote:
> In message <489af892b16b43ee9a7009ffe52db794 at usma1ex-dag1mb1.msg.corp.akamai.com> on Tue, 22 Nov 2016 17:40:54 +0000, "Salz, Rich" <rsalz at akamai.com> said:
>
> rsalz> > The more interesting part is when it tries to load files it guesses are raw DER.
> rsalz>
> rsalz> And this part worries me. I do not think a "security library" should be guessing.
>
> It does this by trying to interpret the blob against known ASN.1
> definitions, and will only succeed when there's a complete match. I'm
> not terribly worried...
And even if you were, you should be *more* worried about making
*applications* do it for themselves :)
--
dwmw2
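
As an added illustration of the "complete match" approach described in the quoted reply (not code from this thread or from OpenSSL): a simplified sketch that names a raw DER blob only when its entire length parses as one SEQUENCE whose top-level tags fit exactly one known shape. The shape table, the function names and the sample bytes are assumptions constructed for this example; a real decoder checks the full ASN.1 definition, not just top-level tags.

```python
# Added illustration, not OpenSSL code: identify a raw DER blob by strict shape match.
def read_tlv(buf, pos=0):
    """Parse one definite-length DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length")  # DER demands the shortest form
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def child_tags(value):
    """Return the tags of the TLVs directly inside a constructed value."""
    tags, pos = [], 0
    while pos < len(value):
        tag, _, pos = read_tlv(value, pos)
        tags.append(tag)
    return tags

# Assumed, simplified shapes: top-level child tags only (optional fields omitted).
SHAPES = {
    "PKCS#1 RSAPrivateKey": [0x02] * 9,        # nine INTEGERs
    "PKCS#8 PrivateKeyInfo": [0x02, 0x30, 0x04],  # INTEGER, SEQUENCE, OCTET STRING
    "SubjectPublicKeyInfo": [0x30, 0x03],      # SEQUENCE, BIT STRING
}

def identify(blob):
    """Return the one format whose shape matches the whole blob, else None."""
    try:
        tag, value, end = read_tlv(blob)
        if tag != 0x30 or end != len(blob):  # one SEQUENCE, no trailing bytes
            return None
        tags = child_tags(value)
    except ValueError:
        return None
    hits = [name for name, shape in SHAPES.items() if tags == shape]
    return hits[0] if len(hits) == 1 else None

# Constructed sample: a minimal SEQUENCE { SEQUENCE { OID }, BIT STRING }.
SAMPLE_SPKI = bytes.fromhex("3009300306012a030200ff")
```

Trailing bytes, truncation, a non-minimal length encoding, or an unknown shape all produce `None` rather than a best guess.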