[zeromq-dev] Certificate formats

Tom Cocagne tom.cocagne at gmail.com
Fri Oct 4 16:55:10 CEST 2013


The endpoints in my example address the specific problem of my not being
able to think up good examples of relevant metadata (midnight e-mails...
you know how it is ;-).

One area that might warrant an initial RFC section would be for defining
the required minimum for validating a certificate chain. It probably
shouldn't be a mandatory field overall but it's one of those things that
will be continually re-invented unless there's already a good way to do it.
Perhaps something along the lines of the following:

=========
uuid: 9af3d710-e762-4cf4-a9cb-e5a5899bf3c8
public_key: 81A...BF

[zmq.rfc111]
may_sign_sub_certificates = False

[signatures]
    (dropping to JSON notation for nesting support)
    { "zmq.rfc111", [ "a58af667-fca1-4bfc-90a7-f4653f6fc1af" : {
        {"zmq.rfc111" : {"may_sign_sub_certificates" : true,
                         "parent" : "d027128d-a0af-48a8-8dfd-65f9ea2e47b1", ...}},
        "d027128d-a0af-48a8-8dfd-65f9ea2e47b1" { ... }
      ],
    }
=========


On Fri, Oct 4, 2013 at 2:39 AM, Pieter Hintjens <ph at imatix.com> wrote:

> On Fri, Oct 4, 2013 at 7:13 AM, Tom Cocagne <tom.cocagne at gmail.com> wrote:
>
> > ==== Begin ZMQ Cert ====
> > uuid: 9af3d710-e762-4cf4-a9cb-e5a5899bf3c8
> > public_key: 81A...BF
> > [org.cocagne.home_network]
> >     name: cool_zmq_app_server
> >     webserver_port: 1234
> > [zmq.rfc1034]
> >     dns_name: org.cocagne.home_network.cool_zmq_app_server
> >     http_port: 1234
> >     client_authentication_required: True
> > [signatures]
> > ...
> > ==== End ZMQ Cert ====
>
> OK, this is great, and goes on my whiteboard as the first strawman for
> a certificate format.
>
> - begin/end markers so multiple certs can be sent in an email
> - unique UUID to... to allow unique identification
> - RFC-specific sections with defined fields
>
> What problem do the endpoint sections address?
>
> -Pieter
>
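
An added example (not from the thread or the ZeroMQ project): a Python sketch of the minimum chain walk the message proposes, built on the `may_sign_sub_certificates` and `parent` fields from the sketch above. It assumes every certificate names its signer in `parent`, that a missing flag means False, and a hypothetical `validate_chain` helper with a depth limit; signature verification is outside it because the thread defines no signature algorithm.

```python
SECTION = "zmq.rfc111"  # section name as written in the post's sketch
MAX_DEPTH = 8           # assumption: upper bound on chain length


class ChainError(Exception):
    """The chain does not lead to a trusted root through authorized signers."""


def validate_chain(leaf_uuid, certs, trusted_roots, max_depth=MAX_DEPTH):
    """Follow 'parent' links from the leaf; return the uuid path to a trusted root.

    certs maps uuid -> parsed certificate (dict of section name -> dict of fields).
    """
    path, seen, current = [], set(), leaf_uuid
    while True:
        if current in seen:
            raise ChainError("cycle at " + current)
        if len(path) >= max_depth:
            raise ChainError("chain longer than %d certificates" % max_depth)
        cert = certs.get(current)
        if cert is None:
            raise ChainError("missing certificate " + current)
        fields = cert.get(SECTION, {})
        # Everything above the leaf acts as a signer and must carry the flag.
        if path and fields.get("may_sign_sub_certificates") is not True:
            raise ChainError(current + " may not sign sub-certificates")
        seen.add(current)
        path.append(current)
        if current in trusted_roots:
            return path
        parent = fields.get("parent")
        if parent is None:
            raise ChainError("chain ends at untrusted certificate " + current)
        current = parent


# Constructed sample: uuids reused from the post, field layout assumed.
ROOT = "d027128d-a0af-48a8-8dfd-65f9ea2e47b1"
MID = "a58af667-fca1-4bfc-90a7-f4653f6fc1af"
LEAF = "9af3d710-e762-4cf4-a9cb-e5a5899bf3c8"
SAMPLE = {
    ROOT: {SECTION: {"may_sign_sub_certificates": True}},
    MID: {SECTION: {"may_sign_sub_certificates": True, "parent": ROOT}},
    LEAF: {SECTION: {"may_sign_sub_certificates": False, "parent": MID}},
}

if __name__ == "__main__":
    print(validate_chain(LEAF, SAMPLE, {ROOT}))
```
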