@erincandescent @Gaelan @theresnotime @q @izaya So "if you don't actually implement X.509 it's not actually complex". That's true, but not a very good counter for the argument that "X.509 is a bad, overly complex standard we shouldn't use as-is".
-
@erincandescent @Gaelan @theresnotime @q @izaya yes, the algorithm is the same, but this isn't about the algorithms. e.g. X.509 trust establishment is heinously complex and error-prone in implementation and the trust establishment is why you're doing signed certificates to begin with.
-
@erincandescent @Gaelan @theresnotime @q @izaya Speaking with my cryptographer hat on, X.509 is not fine. And no, it's not about DER. ASN.1/DER is fine, it's about as horrible as all other binary formats.
-
@q @erincandescent @Gaelan @theresnotime @izaya oh really? Given that secsh has concluded a few years ago, under what wg? Or wg-independent?
-
@erincandescent @Gaelan @theresnotime @izaya EDIT: I misremembered actually, OpenSSH uses its own format and not X.509. Yay!
-
@erincandescent @Gaelan @theresnotime @izaya Oh no, not a CA