I believe that IBM has released an opensource x.509v3 toolkit (libraries and tools + some oscp stuff if I remember right) for unconditional use. There was the usual export crapola so I have not been able to look at it myself. I agree that this needs to be done!
It might be a good idea to do it in close cooperation (if not within) the openssl project who have to deal with certificates anyway and probably already have much of the code needed. Perhaps someone from openssl reads slashdot and can say something about their plans in the pki area.
Slashdot Mirror
I believe that IBM has released an opensource x.509v3 toolkit
(libraries and tools + some oscp stuff if I remember right) for unconditional use.
There was the usual export crapola so I have not been able to look at it myself.
I agree that this needs to be done!
It might be a good idea to do it in close cooperation (if not within) the
openssl project who have to deal with certificates anyway
and probably already have much of the code needed. Perhaps someone
from openssl reads slashdot and can say something about their
plans in the pki area.