mace-opensaml-users - RE: [OpenSAML] encoding an X.509 certificate
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [OpenSAML] encoding an X.509 certificate
- Date: Wed, 5 Nov 2008 13:20:50 -0500
- Organization: The Ohio State University
> Do your openssl functions require that you specify the encoding up
> front or will it figure that out on its own?
According to the limited/non-existent docs for the function family that
handles DER->X509, they handle "BER forms". I don't know what that means.
You don't have any way to signal them to do anything, so whatever they do is
internal.
> I think that's a stretch. Even if BER and DER can be handled
> programmatically, what about CER, PER, and XER?
I don't know. But I think recommending use of DER in the right places is far
better than the hope of convincing every other specification and profile to
remember to mention it.
For example, for ongoing purposes, it's mostly meaningless if SAML itself
were to require DER because WS-* doesn't. That means our implementation
doesn't gain anything from SAML making any statement about it at all, no
matter where. Whereas, I think I can convince W3C to make a recommendation
in whatever the next compatible version of dsig is, and fix it for good if
there's a dsig 2.0.
-- Scott
- encoding an X.509 certificate, Tom Scavo, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Chad La Joie, 11/05/2008
- RE: [OpenSAML] encoding an X.509 certificate, Scott Cantor, 11/05/2008
- Message not available
- Re: [OpenSAML] encoding an X.509 certificate, Tom Scavo, 11/05/2008
- RE: [OpenSAML] encoding an X.509 certificate, Scott Cantor, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Tom Scavo, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Chad La Joie, 11/05/2008
Archive powered by MHonArc 2.6.16.