Ethereal-dev: RE: [Ethereal-dev] PKI, certifiactes and stuff. Anyone working on this right now
|From: Ronnie Sahlberg
|
|
|List,
|I remember someone saying something sometime ago about their work on
|implementing PKI in ethereal.
|In order to avoid duplication of efforts I want to inform that
|I plan to start implementing some of these or at least
|related specifications in ethereal.
|So, if you have started or have code, speak up now.
|
|The ones i am looking at initially are the three RFCs :
|RFC:3369 : Cryptographic Message Syntax
|RFC:3281 : A Internet Attribute Certificate Profile for Authorization
|RFC:3280 : Internet X.509 Public Key Infrastructure Certificate and
|Certificate Revocation List Profile
|
|I thought of implementing them as separate protocols (even
|though they are not protocols per se)
|so that their hf fields are logically grouped together.
Using the same fields makes sense... However there's a caveat.
|In doing so I thought of calling the files and protocols :
|RFC:3369 packet-cms.c "cms"
|RFC:3281 packet-pki-acprofile.c "pki-acprofile"
|RFC:3280 packet-pki-c-crl.c "pki-c-crl"
|
|Anyone have ideas of better names for the .c files and protocol names?
I am not 100% in the PKI world, but I'd name the dissector for X.509
certificates "packet-x509.c". As I infer from reading the abstracts of the
mentioned RFCs I think RFC3280 and RFC3281 could be dealt with in this
"packet-x509.c". In addition, while reading RFC3369 I see a "packet-pkcs7.c"
dissector and the "packet-cms.c" dissector you mention (as CMS is derived
from PKCS#7). And of course all of them will heavily make use of PER/BER/DER
:)
In this approach you cannot make the header fields common between PKCS#7,
CMS and X.509.
Regards,
Olivier
