Don't make me guess, Gentle Spec Writer

Say you were writing a major standard, something implemented by thousands of companies. Say, one which specified, among other things, a format for public key files. Might it be appropriate to say "use a BER-encoded x509 certificate" (with some standard x509 extensions)? Or would you:

  • declare that you require a "special" binary format for your x509 certificates
  • provide a large table breaking out an octet-by-octet dump (of an example BER certificate) as an example of how one would go about writing a certificate
  • omit any explanation of what the various "key" or "header" values are in said binary dump (or how you calculate them from the x509 cert)
  • leave it to the user to recognize that this "special" format must just be regular old BER, given the absurdly under-specified nature of the encoding

What implementer is going to write their own BER encoder/decoder? Why would you need to know the particular byte sequences in an example certificate? It would be a *lot* more useful to *most* people to include a PEM-format file and instructions on how to encode/decode it via openssh.
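What the unexplained "header" values in such an octet dump are, shown as an added example that is not from the original post or from any standard: every element is a tag octet, a length in short or long form, then the value. The walker and its names (`read_tlv`, `walk`, `SAMPLE`) are illustrative, and the sample bytes are a constructed DER structure, not a real certificate.

```python
# Added example: minimal BER/DER tag-length-value walker (definite lengths only).
TAG_NAMES = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL",
             0x06: "OBJECT IDENTIFIER", 0x30: "SEQUENCE", 0x31: "SET"}

def read_tlv(buf, pos, end):
    """Return (tag, header_len, value_len) for the element starting at pos."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled")
    if first < 0x80:                  # short form: the octet is the length
        hdr, length = 2, first
    elif first == 0x80:
        raise ValueError("indefinite length not handled")
    else:                             # long form: low 7 bits count the length octets
        n = first & 0x7F
        if pos + 2 + n > end:
            raise ValueError("truncated length")
        hdr, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hdr + length > end:
        raise ValueError("value runs past end of enclosing element")
    return tag, hdr, length

def walk(buf, pos=0, end=None, depth=0):
    """Return [(depth, offset, tag_name, header_len, value_len), ...]."""
    end = len(buf) if end is None else end
    out = []
    while pos < end:
        tag, hdr, length = read_tlv(buf, pos, end)
        out.append((depth, pos, TAG_NAMES.get(tag, f"tag 0x{tag:02x}"), hdr, length))
        if tag & 0x20:                # constructed bit set: value holds nested TLVs
            out += walk(buf, pos + hdr, pos + hdr + length, depth + 1)
        pos += hdr + length
    return out

# Constructed sample: SEQUENCE { INTEGER 2,
#   SEQUENCE { OID 1.2.840.113549.1.1.11, NULL }, OCTET STRING (200 zero bytes) }
ALG = bytes.fromhex("300d06092a864886f70d01010b0500")
SAMPLE = (bytes.fromhex("3081dd") + bytes.fromhex("020102") + ALG
          + bytes.fromhex("0481c8") + bytes(200))

if __name__ == "__main__":
    for depth, off, name, hdr, length in walk(SAMPLE):
        print(f"{off:4d}  {'  ' * depth}{name}  header={hdr} value={length}")
```
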

