Say you were writing a major standard, something implemented by thousands of companies. Say, one which specified, among other things, a format for public key files. Might it be appropriate to say "use a BER-encoded x509" certificate (with some (standard) x509 extensions)? Or would you:
- declare that you require a "special" binary format for your x509 certificates
- provide a large table breaking out an octet-by-octet dump (of an example BER certificate) as an example of how one would go about writing a certificate
- omit any explanation of what the various "key" or "header" values are in said binary dump (or how you calculate them from the x509 cert)
- leave it to the user to recognize that this "special" format must just be regular-old BER by the absurdly under-specified nature of the encoding
What implementer is going to write their own BER encoder/decoder? Why would you need to know the particular byte sequences in an example certificate? It would be a *lot* more useful to *most* people to include a PEM-format file and instructions on how to encode/decode it via openssh.
Pingbacks are closed.