[gnutls-dev]xml gurus needed

Nikos Mavroyanopoulos nmav@gnutls.org
Fri Jun 21 18:12:01 2002


On Fri, Jun 21, 2002 at 03:36:35PM +0200, Werner Koch wrote:

> > Attached is an example of an X.509 certificate converted to an XML
> > format (preserving some of the X.509 tags). What do you think of
> > it? Is it useful to applications with xml capability? Any suggestions
> So you need to include a full XML parser into any application to
> manage TLS configuration.  XML is a prett loated format and I don't
> see what you gain from mapping an (bloated and ugly) ASN.1 format to
> XML.  The X.509 DER is better defined than any XML rendering can be.

What do you mean here? The xml output is not for the application to
verify the certificate or so. It is about displaying parts of the
certificate that cannot be extracted with the available functions.
Given that and that more and more applications have XML capability
I think some may be benefited [0].

[0] But I do not hold my breath. I expect such application developers
    to comment out.

> So it depends on what you want todowith the certificate.  If it is
> just for displaying the information a more straigtforward format woul
> be more easier for the calling application.  For all other purposes
Which format is more straightforward? X.509 certificates are very very
complex to be mapped 1-1 in any simple format. 


> you better return the DER formatted one which has the advantage that
> you can actually *do* something with the certificate.
The DER format is still supported, what we are talking here is about
a convertion from der to xml.


> On another note: GPG_ME_ provides an abstract interface to any public
> keys and it might be a neat idea to follow the structure of that API
> closely or even employ GPG_SM_ as certificate manager.
I will check it.

 
> Salam-Shalom,
> 
>    Werner

-- 
Nikos Mavroyanopoulos
mailto:nmav@gnutls.org