
mace-opensaml-users - RE: [OpenSAML] encoding an X.509 certificate

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [OpenSAML] encoding an X.509 certificate
  • Date: Wed, 5 Nov 2008 13:20:50 -0500
  • Organization: The Ohio State University

> Do your openssl functions require that you specify the encoding up
> front or will it figure that out on its own?

According to the limited/non-existent docs for the function family that
handles DER->X509, they handle "BER forms". I don't know what that means.
You don't have any way to signal them to do anything, so whatever they do is
internal.

> I think that's a stretch. Even if BER and DER can be handled
> programmatically, what about CER, PER, and XER?

I don't know. But I think recommending use of DER in the right places is far
better than the hope of convincing every other specification and profile to
remember to mention it.

For example, for ongoing purposes, it's mostly meaningless if SAML itself
were to require DER because WS-* doesn't. That means our implementation
doesn't gain anything from SAML making any statement about it at all, no
matter where. Whereas, I think I can convince W3C to make a recommendation
in whatever the next compatible version of dsig is, and fix it for good if
there's a dsig 2.0.

-- Scott




