[gnutls-devel] X.509 "Key Identifiers" in GnuTLS

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Mar 13 19:46:17 CET 2013

On 03/13/2013 12:23 AM, Daniel Kahn Gillmor wrote:

> On 03/06/2013 07:05 PM, Nikos Mavrogiannopoulos wrote:
>> On 03/06/2013 11:17 PM, Daniel Kahn Gillmor wrote:
>>> So i think the only thing that remains is to document why this is a
>>> divergence from the RFC's "Common Method" -- and i think we have several
>>> good reasons.
>>> Nikos, would you be averse to a changeset that adds a bit of
>>> documentation about how this distinction is made?
>> This would be good.
> I've just pushed 7381666 to the master branch with a concise summary of
> the difference between GnuTLS's method and the "Common Method" for
> choosing a key ID.  Nikos, as always, please let me know if you think
> the commit is problematic in any way.

Maybe it is better to add it as text to the corresponding functions
that have the behavior that you describe, i.e. get_key_id(). I'd also
form it like:
"That function calculates a SHA1 digest of the public key as a
DER-formatted, subjectPublicKeyInfo object.  Other implementations use
different approaches (some use the ``common method'' described by
section of RFC5280 which calculates a digest on a part of the
subjectPublicKeyInfo object)."
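
The two derivations contrasted in the message above, side by side, as an added example that is not part of the original mail and is not GnuTLS code. The function names and the Ed25519-style sample key are constructed for illustration, and the "common method" is implemented as RFC 5280 words it: SHA-1 over the subjectPublicKey BIT STRING value, excluding tag, length and the unused-bits octet.

```python
import hashlib

def read_tlv(buf, off=0):
    """Parse one DER TLV at `off`; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def spki_key_id(spki_der):
    """Approach described in the mail: SHA-1 over the whole DER SPKI."""
    return hashlib.sha1(spki_der).hexdigest()

def common_method_key_id(spki_der):
    """RFC 5280 'common method': SHA-1 over the BIT STRING contents only."""
    tag, body, end = read_tlv(spki_der)
    if tag != 0x30 or end != len(spki_der):
        raise ValueError("expected exactly one SubjectPublicKeyInfo SEQUENCE")
    tag, _algorithm, off = read_tlv(body)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, bits, end = read_tlv(body, off)
    if tag != 0x03 or end != len(body) or not bits:
        raise ValueError("expected subjectPublicKey BIT STRING")
    return hashlib.sha1(bits[1:]).hexdigest()  # bits[0] is the unused-bits octet

# Constructed sample input: 32 arbitrary bytes wrapped in an Ed25519 SPKI
# (SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING }). Not a real key.
RAW_KEY = bytes(range(32))
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + RAW_KEY

if __name__ == "__main__":
    print("whole-SPKI id   :", spki_key_id(SAMPLE_SPKI))
    print("common-method id:", common_method_key_id(SAMPLE_SPKI))
```

The same key yields two different identifiers, so matching key IDs across implementations only works when both sides are known to use the same derivation.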

