AlCutter
commented
5 days ago Hi,
Thanks for your request. I think it's unlikely we'll want to do this here for a couple of reasons:
- AFAIK (although very happy to be enlightened if I'm wrong), BP doesn't really seem to be used in WebPKI (At a wild guess, would you perhaps be looking at applying transparency to
in Germany?) - These
x509/asn1packages are really just (increasingly outdated) forks of Go's stdlib packages, which we'd quite like to drop eventually.
I think your best bet would likely be to do one or both of:
- See about getting BP support added upstream in the Go stdlib (I found this thread which might be a good place to start: https://github.com/golang/go/issues/32874 )
- Fork this repo and add support there for parsing BP certs.
The other thing I wanted to mention, in case you're not already aware of it, is the ongoing experiment in the CT ecosystem with Static CT API log implementations - these promise to be considerably easier and cheaper to operate, so may be worth consideration if you're looking at spinning up new infrastructure...
Certificates that rely on BP curves are used in certain sectors and we can't manage to parse them through the current X509 library. It would be great to have support for Brainpool curves in the X509 library.