Just a comment, in-line...

On 2/22/06, Mark <[EMAIL PROTECTED]> wrote:
> Hi Jeff,
>
> > > The only thing I can offer is that if you help me then I will attempt
> > > to write a very detailed and accurate description of the process so
> > > that newbs like me don't have such a difficult time adopting this
> > > system in the future.

I honestly think that the ITU process (which is basically "governments and telephone companies") has absolutely no regard for the people who are trying to implement these standards. The specs they write are geared for people who understand bureaucratese [just try reading the spec for BER sometime -- er, wait, don't, I wouldn't wish that on my worst enemy].

I don't like this, and part of my reason for wanting to be involved in the OpenSSL project is because I want to make it much more accessible.

For example, X.500 is the directory standard. That set of standards also specifies a means of querying that directory, starting at a global root and resolving referrals. This cannot under any circumstances work -- so LDAP, the Lightweight (X.500) Directory Access Protocol, was created by the IETF to work around the technical deficiencies.

BER is supposed to be an "agnostic" encoding mechanism... but now we have XML, which is better at it than BER could ever dream. But, due to past mistakes (on Netscape's and Verisign's parts, originally, if I understand history correctly), we're stuck with DER-based certificates, which have to be encoded into 5-bit ASCII to effectively transmit over a text-only channel. This is, to my mind, a disgustingly suboptimal solution.

> I had that exact thought and have already written such a document. It
> is by no means complete so I haven't attempted to submit/publish it yet.

Why not post what you've got, and we can work on it?

> > How's this: You write, I go over for technical accuracy, and then we
> > submit it? :)
> > Maybe we could collaborate on such a project?

Again, I'll go over it for technical accuracy. (Since I can find the references that I've run into, and know how to read them, I'll take the 'technical editor' job.)

One of the things that has always bugged me about OpenSSL is its lack of user-friendly documentation. Yes, it was always meant to be a library and some command-line tools... but understanding what those command-line tools actually do is difficult. A kind of "intro to OpenSSL and all of its dependent technologies" would be a very nice thing to have.

-Kyle H