[zeromq-dev] Certificate formats

Pieter Hintjens ph at imatix.com
Fri Oct 4 18:03:35 CEST 2013


On the usual basis I'll start with a minimal plausible solution that
covers the problems we have today. Solving theoretical problems tends
to lead to making stuff we don't ever use...

On Fri, Oct 4, 2013 at 4:55 PM, Tom Cocagne <tom.cocagne at gmail.com> wrote:
> The endpoints in my example address the specific problem of my not being
> able to think up good examples of relevant metadata (midnight e-mails... you
> know how it is ;-).
>
> One area that might warrant an initial RFC section would be for defining the
> required minimum for validating a certificate chain. It probably shouldn't
> be a mandatory field overall but it's one of those things that will be
> continually re-invented unless there's already a good way to do it. Perhaps
> something along the lines of the following:
>
> =========
> uuid: 9af3d710-e762-4cf4-a9cb-e5a5899bf3c8
> public_key: 81A...BF
>
> [zmq.rfc111]
> may_sign_sub_certificates = False
>
> [signatures]
>     (dropping to JSON notation for nesting support)
>     { "zmq.rfc111", [ "a58af667-fca1-4bfc-90a7-f4653f6fc1af" : {
> {"zmq.rfc111" : {"may_sign_sub_certificates" : true, "parent" :
> "d027128d-a0af-48a8-8dfd-65f9ea2e47b1", ...}},
>                             "d027128d-a0af-48a8-8dfd-65f9ea2e47b1" { ... }
> ],
>     }
> =========
>
>
> On Fri, Oct 4, 2013 at 2:39 AM, Pieter Hintjens <ph at imatix.com> wrote:
>>
>> On Fri, Oct 4, 2013 at 7:13 AM, Tom Cocagne <tom.cocagne at gmail.com> wrote:
>>
>> > ==== Begin ZMQ Cert ====
>> > uuid: 9af3d710-e762-4cf4-a9cb-e5a5899bf3c8
>> > public_key: 81A...BF
>> > [org.cocagne.home_network]
>> >     name: cool_zmq_app_server
>> >     webserver_port: 1234
>> > [zmq.rfc1034]
>> >     dns_name: org.cocagne.home_network.cool_zmq_app_server
>> >     http_port: 1234
>> >     client_authentication_required: True
>> > [signatures]
>> > ...
>> > ==== End ZMQ Cert ====
>>
>> OK, this is great, and goes on my whiteboard as the first strawman for
>> a certificate format.
>>
>> - begin/end markers so multiple certs can be sent in an email
>> - unique UUID to... to allow unique identification
>> - RFC-specific sections with defined fields
>>
>> What problem do the endpoint sections address?
>>
>> -Pieter
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
>
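
Added example, not part of the original thread or of any ZeroMQ code: a minimal Python parser for the strawman format discussed above (begin/end markers, uuid, public_key, bracketed sections). The function names, the acceptance of both `:` and `=` as separators, and the rejection of duplicate fields, sections and UUIDs are assumptions, since the thread settles none of these.

```python
import re
import uuid

# Markers as in the strawman; text outside them (the mail itself) is ignored.
CERT_RE = re.compile(r"^==== Begin ZMQ Cert ====$(.*?)^==== End ZMQ Cert ====$", re.S | re.M)
FIELD_RE = re.compile(r"^([A-Za-z0-9_.]+)\s*[:=]\s*(.*)$")  # thread uses both ':' and '='

def parse_cert(body):
    """Parse one cert body; [signatures] lines are kept verbatim (syntax unsettled)."""
    cert = {"fields": {}, "sections": {}}
    target = cert["fields"]
    for line in filter(None, map(str.strip, body.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name in cert["sections"]:
                raise ValueError(f"duplicate section {name!r}")
            target = cert["sections"][name] = [] if name == "signatures" else {}
            continue
        m = FIELD_RE.match(line)
        if isinstance(target, list):
            target.append(line)
        elif m is None or m.group(1) in target:
            raise ValueError(f"unparseable or duplicate field: {line!r}")
        else:
            target[m.group(1)] = m.group(2)
    # Canonicalise so two spellings of one UUID cannot pass as different certs.
    cert["fields"]["uuid"] = str(uuid.UUID(cert["fields"].get("uuid", "")))
    if not cert["fields"].get("public_key"):
        raise ValueError("missing public_key")
    return cert

def extract_certs(mail_text):
    """Return {uuid: cert} for every cert block in a mail; reused UUIDs are refused."""
    certs = {}
    for block in CERT_RE.finditer(mail_text):
        cert = parse_cert(block.group(1))
        if cert["fields"]["uuid"] in certs:
            raise ValueError("uuid reused within one message")
        certs[cert["fields"]["uuid"]] = cert
    return certs

# Constructed sample: a mail carrying one cert (the key value is made up).
SAMPLE_MAIL = """Cert below.
==== Begin ZMQ Cert ====
uuid: 9AF3D710-E762-4CF4-A9CB-E5A5899BF3C8
public_key: 81AABF
[zmq.rfc111]
may_sign_sub_certificates = False
==== End ZMQ Cert ===="""
```

Values come back as strings; how a field such as `may_sign_sub_certificates` is interpreted is left to whatever the eventual RFC section defines.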


