[Swan-dev] More confusion of options to clean up regarding phase1 and phase2 options

Matt Rogers mrogers at redhat.com
Mon Apr 21 19:27:20 EEST 2014

On 04/19, Paul Wouters wrote:
> >>
> >Aliasing options right now is a hack, so that is something that should be built in and easy for us to add new aliases.
> I'm not sure how easy that is to do. I'm fine with an easier way of
> adding them. Are you thinking a "preparsing" that rewrites aliases into
> the real options, than calls our current code?
Yep, I pushed an 'alg_info_alias' branch that has my idea for this, with
some example aliasing, so give that a look when you get a chance.

> >I like pubsigkey= better. While there is a technical difference between the two, the intent of the option is still the same.
> As long as that works for identifying EC keys too. I assume X.509 is no
> problem with the friendly_name on import, but I'm not sure how we would
> identify a (raw) EC key yet - then again, technically I don't think the
> RFCs support raw EC keys yet because the draft did not get enough
> traction at the working group.
Ah, I was assuming that anything we would do with EC moving forward would be
through NSS so the option would refer to the friendly name.


More information about the Swan-dev mailing list