Ethereal-dev: Re: [Ethereal-dev] PKI, certificates and stuff. Anyone working on this right now?
----- Original Message -----
From: "Biot Olivier"
Sent: Monday, May 17, 2004 6:06 PM
Subject: RE: [Ethereal-dev] PKI, certificates and stuff. Anyone working on this right now?
> |From: Ronnie Sahlberg
> |
> |
> |List,
> |I remember someone saying something some time ago about their work on
> |implementing PKI in ethereal.
> |In order to avoid duplication of efforts I want to inform that
> |I plan to start implementing some of these or at least
> |related specifications in ethereal.
> |So, if you have started or have code, speak up now.
> |
> |The ones I am looking at initially are the three RFCs:
> |RFC:3369 : Cryptographic Message Syntax
> |RFC:3281 : An Internet Attribute Certificate Profile for Authorization
> |RFC:3280 : Internet X.509 Public Key Infrastructure Certificate and
> |Certificate Revocation List Profile
> |
> |I thought of implementing them as separate protocols (even
> |though they are not protocols per se)
> |so that their hf fields are logically grouped together.
>
> Using the same fields makes sense... However there's a caveat.
>
> |In doing so I thought of calling the files and protocols :
> |RFC:3369 packet-cms.c "cms"
> |RFC:3281 packet-pki-acprofile.c "pki-acprofile"
> |RFC:3280 packet-pki-c-crl.c "pki-c-crl"
> |
> |Anyone have ideas of better names for the .c files and protocol names?
>
> I am not 100% in the PKI world, but I'd name the dissector for X.509
> certificates "packet-x509.c". As I infer from reading the abstracts of the
> mentioned RFCs I think RFC3280 and RFC3281 could be dealt with in this
> "packet-x509.c". In addition, while reading RFC3369 I see a "packet-pkcs7.c"
> dissector and the "packet-cms.c" dissector you mention (as CMS is derived
> from PKCS#7). And of course all of them will heavily make use of PER/BER/DER
> :)
>
> In this approach you cannot make the header fields common between PKCS#7,
> CMS and X.509.
So, for a BER/DER version you would suggest to combine 3369/3280/3281 into
one single dissector and call it packet-x509.c?
BER/DER and PER can probably not be combined anyway since they use different
APIs.