[openssl-users] Another problem with openssl x509 -req -- default_enddate

Michael Richardson mcr at sandelman.ca
Thu Aug 31 01:33:17 UTC 2017

Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
    > So indeed, you'd not be the first to consider a special-purpose
    > concise format.  It is somewhat surprising that the applications
    > you're considering use X.509 certificates at all, rather than just

I meant to add in my previous email, that the reason to use the PKIX
containers is because we need the identifiers for algorithms and hashes, and
the like so that we can have algorithm agility going forward.

Of course, we could get that from some other format: OpenPGP for instance.
Alas, none are very popular in the greater world.  Maybe CWT will win out
where PGP (for keys and signatures) did not... but I don't think the industry
outside of the IETF is ready for that yet. (The IETF is not even ready...)

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170830/3cc71666/attachment.sig>

More information about the openssl-users mailing list