From: Eric Young <eay@mincom.oz.au>
Date: Thu, 28 Sep 95 00:04:50 PDT
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: X.509, S/MIME, and evolution of PGP
In-Reply-To: <199509272223.PAA13812@ix7.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.950928120233.1296A-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 27 Sep 1995, Bill Stewart wrote:
> 6) It's a lot of work - well, yeah, it is.  And I'm lazy.  Is there enough
> related code in SSLeay to steal to help implement it?

I am cleaning up and documenting the routines right now, but yes, it is 
possible to implement not only a CA but all the other stuff you mention.

I have finished digital envelope routines (ala Sign, Verify, Seal and Open).
I have the full functionality of RSAref plus support for about umpteen 
differnt cipher in umpteen different modes (well DES, IDEA and RC4 in a 
total of 13 different modes, I use structure pointers to specify ciphers 
so only the ciphers used are linked in and it is also trivial for 
applications to specify new ciphers to use).

Everything needed to implement PEM is there, to do S/MIME I've got to do 
PKCS-7 but that is just a parsing and packageing problem which I will do 
(when I get time) for SSL v3. 

I'm also about to redo my X509_get_certificate routine so that an 
application can 'push' 'methods' onto the system used to lookup certificates.
I need to be able to look them up via an alias, subject X509 DN, and 
via Issuer and ID.  If I get time I'll probably put in a demo 'method' 
that will talk to a socket/host and ask for certificates (proably a 
simple perl server at the other end).

I'm taking the view that if I can put hooks into the library for other 
people to put in routines to retrieve certificates/CRL's I will not have 
to do all the work :-).  I just have to document everything so other 
people can have a play :-)

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)