Alex Gaynor
Alex Gaynor
It's unlikely that our approach would be to introduce a flag for allowing malformed certs, as this complicates our API surface and is difficult for users to reason about --...
The manufacturer could sign new certs for every device they've shipped and then publish them -- this is fine because the cert is only _usable_ if you have the private...
As I've said, we're willing to consider potential workarounds, but we won't do that until the issuer of these malformed certs has taken action to fix that, at the very...
https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf I don't mean to be rude, but literally I took the Go comment, searched for the referenced spec, and then went to the referenced section.
ITU 690 defines what DER is. https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1 explicitly states that: > For signature calculation, the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER)...
@reaperhulk is there any reason not to move to AES for PKCS#12? I assume one concern is compatibility, but with _what_?
Let's do it! On Tue, Apr 5, 2022 at 7:58 PM Paul Kehrer ***@***.***> wrote: > We originally chose this because PKCS12 is trash and trying to use AES >...
Are you sure this is cryptography introduced overhead? I started trying to minimize this and I found that if I make: ```py def process1(pubkey): pass ``` there's still a large...
Yes, it's a known issue. For now there's nothing to do but ignore that one job.
First, I'm sorry we haven't given this PR much attention. Second, I think I'm conceptually ok with this, but I'm on the fence about having it as a private method....