Alternative certificate formats?
Edit: I think I should have titled this "alternative generic key container formats" or something. I didn't mean to have this be about web certs. Is there a better word for this?
Hello! I'm working on some software that needs certificates for signatures/verification... and probably certificate chains/subkeys, maybe revocation lists, a format that can be easily updated for new future key formats, ideally with standard tools/compatibility, etc...
x509 would be the obvious choice here, but I was wondering if there was anything else (or new formats) that would work instead. There's a lot of historical cruft with x509, it's complex so the libraries for working with it are complex, and some stuff like needing to tie a name to the cert is an extra burden not relevant to my use... and it's hard to know what features can be dropped without reducing security overall.
I dug around the list of alternatives I came up with are:
- GPG
- CVC
- SSH (I don't think this supports chains...)
I thought there'd be more. I was wondering if there were any others I missed before I start digging in deeper.
The last resort is to just wrap my own container around per-key formats, which wouldn't be hard, but I felt like there must be a better way...
Edit:
- From @harrison_314 - JWT