[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "known in advance" public key authentication?
From: |
Florian Weimer |
Subject: |
Re: "known in advance" public key authentication? |
Date: |
Sun, 18 Nov 2012 20:53:23 +0100 |
* Nikos Mavrogiannopoulos:
>>> What do you mean by valid X.509v3? I suppose even the authors of X.509
>>> wouldn't even know what that means :) Anything we could improve?
>>
>> I managed to create a version 1 certificate with extensions. 8-/
> Was that using certtool or by the API? If it is the former then it is
> indeed a bug, but for the latter I don't know if it's worth the
> complexity of the checks.
No, it was using the APIs.
It might sense to add a best-effort certificate sanity checking
function, with explicit warning that future versions might impose
tighter checks. I have to think about it.
- Re: "known in advance" public key authentication?, (continued)
Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/07
Re: "known in advance" public key authentication?, Ilari Liusvaara, 2012/11/07
Re: "known in advance" public key authentication?, Florian Weimer, 2012/11/07
Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/07