[foaf-protocols] Why exponent/modulus
nathan at webr3.org
Fri Sep 17 19:48:43 CEST 2010
Henry Story wrote:
> Well I am happy to hear you say that ASN1 is not a panacea.
lol I've given that approach as much time as I'm willing to this year
> What I am surprised is that your server is parsing that certificate, since it uses
> the public key to do the crypto TLS handshake. So every server that has TLS, has a
> parser built in. Or else it could not get access to the certificate. It should be
> easy for a server to just add an interface to return that key too, right?
Yes! if you can get it added, it's quite easy often, I added support for
subjectAltName, exponent, modulus to node.js and it only took a few
hours; should be a relatively easy hit code wise for most languages /
However! try getting that in to PHP or apache in a version that's going
to be common on most hosts, even if you had it added today you'd be
looking at 2-3 years before you could rely on it being there 50%+ of the
> Any server that wishes to do WebID, will anyway require some new tweaks on their
> server, or some new libraries it seems to me. So this is a good reason to help people
hmm.. I can see that being the case for usage outside of a scripting
realm (ala Joe's fine mods for apache) but inside something like
"Wordpress" there should be no need for any changes to the server afaik.
>> 2 - simply include the common representation of the certificate in your profile. This wouldn't need any ASN1 support or require any command line / openssl calling.
> This would then require a bit by bit comparison of the certificate then I assume.
> So should a web site then publish both PEM and DER? And what about other encodings?
AFAIK DER is almost universally used in servers, programming languages
and in .cer .crt .der files - as for PEM, well that's just DER with
"---BEGIN CERTIFICATE..." added which you can simply strip.
In other words, if you simply pull out the base64 and strip the white
space you should get a pretty universal representation of a certificate
that's portable and comparable :)
> It seems that this will end up forcing us to use ASN.1 forever then, when we really
> want to get away from that, as in my view it makes something really simple, public
> key cryptography - you can write the algorithm on your t-shirt - really complicated
> by tying it to some complex binary standard.
+1 to that (mutters things about ASN1 not safe for public lists)
> So perhaps we can first look and see if your problem cannot be solved in some other
perhaps consider the above comments about DER, seems like an easy hit if
one could give some guidance on the best property to use.. cert:der w/
^^xsd:base64Binary? think that's more your domain though :)
>> So, I guess what I'm saying is, that unless we pester every major language to add native ASN.1 support / expose modulus and exponent / create an ASN1 reader in every major language, we can never create portable webid plugins for media wiki / drupal / wordpress.
> I think we should make a table and work out which languages have trouble with this, and
> a map of solutions. Then we can look at what advantage that will give us with some
> objective facts to back this up.
> Thanks for bringing up this issue.
agreed, good call,
More information about the foaf-protocols