[gnutls-devel] X.509 "Key Identifiers" in GnuTLS
n.mavrogiannopoulos at gmail.com
Wed Mar 13 19:46:17 CET 2013
On 03/13/2013 12:23 AM, Daniel Kahn Gillmor wrote:
> On 03/06/2013 07:05 PM, Nikos Mavrogiannopoulos wrote:
>> On 03/06/2013 11:17 PM, Daniel Kahn Gillmor wrote:
>>> So i think the only thing that remains is to document why this is a
>>> divergence from the RFC's "Common Method" -- and i think we have several
>>> good reasons.
>>> Nikos, would you be averse to a changeset that adds a bit of
>>> documentation about how this distinction is made?
>> This would be good.
> I've just pushed 7381666 to the master branch with a concise summary of
> the difference between GnuTLS's method and the "Common Method" for
> choosing a key ID. Nikos, as always, please let me know if you think
> the commit is problematic in any way.
Maybe it is better to add it as text to the corresponding functions,
that have the behavior that you describe i.e. get_key_id(). I'd also
form it like:
"That function calculates a SHA1 digest of the public key as a
DER-formatted, subjectPublicKeyInfo object. Other implementations use
different approaches (some use the ``common method'' described by
section 184.108.40.206 of RFC5280 which calculates a digest on a part of the
More information about the Gnutls-devel