[SECNET RFC PATCH 5/5] sigscheme: Interface for signature schemes

Ian Jackson ijackson at chiark.greenend.org.uk
Sun Sep 29 15:53:32 BST 2019


Ian Jackson writes ("[SECNET RFC PATCH 5/5] sigscheme: Interface for signature schemes"):
> There is no implementation here.  This is split out like this for
> early review.
...
> +typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
> +				 void *pubkeydata, size_t pubkeydata_len,
> +				 sigpubkey_if **sigpub_r, log_if *log);
> +  /* pubkeydata is (supposedly) for this algorithm.
> +   * loadpub should log an error if it fails. */
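Review bot: `pubkeydata` is declared `void *` rather than `const void *`, so a caller holding the encoded key in read-only storage has to cast, and the typedef does not promise that loaders leave the buffer unmodified; unless a loader genuinely needs to scribble on its input, `const void *pubkeydata` states the contract better. The comment could also say what `*sigpub_r` holds when loadpub returns false (left untouched, or set to NULL), since callers otherwise cannot know whether anything needs freeing on the error path.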

FTAOD this registry will provide alternative entrypoints, which will
be used when the new enrolment/rollover machinery is in operation.
That machinery will bypass the top level config namespace and simply
look up scheme names in the sigschemes table.  The scheme name binding
in the top level config space ("rsa" right now) will therefore no
longer strictly be needed except for compatibility, but new schemes
should probably still provide such a binding for the benefit of
testing, and for configurations that don't want the complexity of the
built-in key management.

Ian.

-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
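The lookup path described above, as an added example that is not secnet's code: a small sigschemes table resolved by name (rather than through the config namespace), one hypothetical scheme "toy32" implementing the quoted loadpub signature, and a caller that reports failures through the log interface. Only the sigscheme_loadpub signature and its "log an error if it fails" contract come from the patch; bool_t, log_if, sigpubkey_if, the fields of sigscheme_info, the scheme name and the demo functions are assumptions made for this example.

```c
/* Added example, not secnet code.  Only the sigscheme_loadpub signature and its
 * "log an error if it fails" contract come from the patch; bool_t, log_if,
 * sigpubkey_if and the contents of sigscheme_info are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef bool bool_t;                                  /* assumed */
struct sigscheme_info;

typedef struct log_if {                               /* assumed logging interface */
    void (*error)(struct log_if *log, const char *msg);
    int nerrors;
} log_if;

typedef struct sigpubkey_if {                         /* assumed loaded-key object */
    const struct sigscheme_info *algo;
    uint8_t key[32];
    size_t keylen;
} sigpubkey_if;

/* Signature as quoted from the patch. */
typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
                                 void *pubkeydata, size_t pubkeydata_len,
                                 sigpubkey_if **sigpub_r, log_if *log);

struct sigscheme_info {
    const char *name;             /* what the enrolment machinery looks up */
    sigscheme_loadpub *loadpub;
    size_t fixed_keylen;          /* assumed: raw key length the scheme expects */
};

static void stderr_error(log_if *log, const char *msg)
{ log->nerrors++; fprintf(stderr, "error: %s\n", msg); }

/* Loader for a hypothetical scheme "toy32" taking a raw 32-byte key.  On
 * failure it logs, returns false and leaves *sigpub_r untouched. */
static bool_t toy32_loadpub(const struct sigscheme_info *algo,
                            void *pubkeydata, size_t pubkeydata_len,
                            sigpubkey_if **sigpub_r, log_if *log)
{
    if (pubkeydata_len != algo->fixed_keylen) {
        log->error(log, "toy32: public key has wrong length");
        return false;
    }
    sigpubkey_if *pk = calloc(1, sizeof *pk);
    if (!pk) { log->error(log, "toy32: out of memory"); return false; }
    pk->algo = algo;
    memcpy(pk->key, pubkeydata, pubkeydata_len);
    pk->keylen = pubkeydata_len;
    *sigpub_r = pk;
    return true;
}

/* The sigschemes table, consulted by name instead of the config namespace. */
static const struct sigscheme_info sigschemes[] = { { "toy32", toy32_loadpub, 32 } };

const struct sigscheme_info *sigscheme_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof sigschemes / sizeof sigschemes[0]; i++)
        if (strcmp(sigschemes[i].name, name) == 0)
            return &sigschemes[i];
    return NULL;
}

/* Resolve a scheme by name and load a key through it; NULL on any failure,
 * the reason having been reported through log. */
sigpubkey_if *load_pubkey_by_scheme(const char *scheme, void *data,
                                    size_t len, log_if *log)
{
    const struct sigscheme_info *algo = sigscheme_lookup(scheme);
    if (!algo) { log->error(log, "unknown signature scheme"); return NULL; }
    sigpubkey_if *pk = NULL;
    return algo->loadpub(algo, data, len, &pk, log) ? pk : NULL;
}

/* Checks on constructed inputs; each returns 1 when behaviour is as intended. */
int demo_good_key_loads(void)
{
    log_if log = { stderr_error, 0 };
    uint8_t key[32];
    memset(key, 0xAB, sizeof key);                    /* constructed sample key */
    sigpubkey_if *pk = load_pubkey_by_scheme("toy32", key, sizeof key, &log);
    int ok = pk != NULL && pk->keylen == 32 && log.nerrors == 0;
    free(pk);
    return ok;
}

int demo_bad_input_rejected(const char *scheme, size_t len)
{
    log_if log = { stderr_error, 0 };
    uint8_t key[64] = {0};                            /* constructed; len <= 64 */
    sigpubkey_if *pk = load_pubkey_by_scheme(scheme, key, len, &log);
    return pk == NULL && log.nerrors == 1;
}
```

The point of routing every failure through the log interface is that the caller of `load_pubkey_by_scheme` only has to check for NULL; the error path never leaves a half-built key in `*sigpub_r`, which is the property the loadpub comment should spell out.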


