(DRAFT) This document describes a possible file format for exporting the configuration of X.509 certificates and TLS options, as well as other things such as bookmarks. An implementation will not necessarily support all features of this file. A browser might or might not use this as its own format; if it does not, then external programs may be used for conversion.

The file format is a sequence with fields:

* An identifier (which can be a single value of any type; you can specify null if nothing is applicable).
* The date/time (UTC Time or Generalized Time) when it was exported.
* A sequence of certificate configurations. Zero-based index numbers are used to refer to items in this sequence. Any item in this sequence may be null, in which case that index number is not used.
* A (possibly empty) sequence of client configurations.
* A (possibly empty) sequence of server configurations.
* A (possibly empty) sequence of bookmarks.
* Optionally, a key/value list (see ../asn1/asn1.doc for the definition of this ASN.1X type) for adding nonstandard extensions. The keys are object identifiers, and the type of each value depends on its object identifier.

Each item in the certificate configurations is a sequence with fields:

* A private name for the user to refer to this certificate. This can be of any ASN.1X character string type; which types are valid depends on the implementation, but Visible string should always be valid.
* The X.509 certificate.
* The private key, or null if it is not recorded. (This private key may be password-protected; if so, the password is not stored in this file, and must be entered by the user when the user wishes to use this certificate.)
* The index number of the issuer certificate. If this is a self-signed certificate, then it is this entry's own index number. This can be null if the issuer certificate is not recorded in this file.
* An optional key/value list for nonstandard extensions. (This is not used for X.509 extensions, which are a part of the certificate.)

Each item in the client configurations is a sequence with fields:

* The URL, which is a Visible string.
* The type of pattern matching, which is an enumerated value: 0 means only the fragment part may differ; 1 means the fragment part and/or query string part may differ; 2 means that the specified URL may be followed by / or ? or # and anything (if it already ends with / then it may be followed by anything).
* An optional date/time for when the identity expires (if this is not present, then it expires at the same time as the certificate).
* A bit string to specify the usage of this client configuration; see below for the possible bits.
* The index number of the client certificate, or null if there isn't one.
* A boolean to indicate whether or not this configuration is active. If multiple configurations are active (which will not be possible in all implementations), then the most specific active configuration which is applicable should be used. Longer URLs are more specific than shorter URLs, and lower pattern matching type numbers are more specific than higher ones.
* An optional key/value list for nonstandard extensions.

The usage bits of a client configuration are:

* 0 = Used for receiving files/data.
* 1 = Used for sending files/data. (With Gemini, this would correspond to Titan; this allows Gemini and Titan to be specified in a single entry without needing a separate URL in this file.)
* 2 = Used for interactive connections. (This is not applicable to Gemini, but is applicable to Scorpion.)
* 3 = Use the username/password in the URL to authenticate by default.
* 4 = Only use the certificate if the username in the URL is also used.

Each item in the server configurations is a sequence with fields:

* The domain name, which is a Printable string. This is optional in case only the IP address is recorded.
* The IP address, which is an octet string of length 4 or 16. This is optional in case only the domain name is recorded.
* The port number, which is an integer.
* TLS options (see below). This can be null if it is not available.
* The index number of the server's certificate, or null if there isn't one.
* An optional key/value list for nonstandard extensions.

Each bookmark is a sequence with fields:

* The title of the bookmark. This may be any ASN.1X character string type; which types are valid is implementation-dependent, but Visible string should always be valid.
* The URL, which is a Visible string. Alternatively, this may be a group of bookmarks, in which case this is a sequence of bookmarks instead. (If an implementation does not support grouped bookmarks, then it should read each item in the group and treat them as not being in the group.) This may also be null, if it is a separator; or it can be an object identifier if it is some special kind of item (the extensions will specify the parameters).
* An optional key/value list for nonstandard extensions.

(The format of the TLS options is not specified yet.)
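The following is an added example, not part of this draft, showing how a browser could apply the three pattern matching types and the "most specific active configuration" rule to pick a client certificate for a URL. It assumes URL length is the primary specificity criterion and the pattern type the tie-breaker (the draft does not say which wins), and the sample entries are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Usage bit numbers of a client configuration, as listed in the draft.
USAGE_RECEIVE, USAGE_SEND, USAGE_INTERACTIVE, USAGE_URL_AUTH, USAGE_NEED_USERNAME = range(5)

@dataclass
class ClientConfig:
    url: str                   # Visible string
    match_type: int            # pattern matching type 0, 1 or 2
    usage: set                 # set of usage bit numbers that are set
    cert_index: Optional[int]  # index into the certificate configurations
    active: bool

def _strip(url: str, drop_query: bool) -> str:
    """Remove the fragment (and optionally the query) for comparison."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "" if drop_query else p.query, ""))

def url_matches(cfg: ClientConfig, target: str) -> bool:
    """Apply the draft's pattern matching type of cfg to target."""
    if cfg.match_type == 0:   # only the fragment part may differ
        return _strip(target, False) == _strip(cfg.url, False)
    if cfg.match_type == 1:   # fragment and/or query string may differ
        return _strip(target, True) == _strip(cfg.url, True)
    if cfg.match_type == 2:   # URL may be followed by / ? # and anything
        if cfg.url.endswith("/"):
            return target.startswith(cfg.url)
        return target == cfg.url or any(target.startswith(cfg.url + c) for c in "/?#")
    raise ValueError(f"unknown pattern matching type {cfg.match_type}")

def select_config(configs, target: str, usage_bit: int) -> Optional[ClientConfig]:
    """Return the most specific active, applicable configuration, or None."""
    candidates = [c for c in configs
                  if c.active and usage_bit in c.usage and url_matches(c, target)]
    if not candidates:
        return None
    # Assumption: longer URL first, then lower pattern matching type.
    return min(candidates, key=lambda c: (-len(c.url), c.match_type))

SAMPLE = [  # constructed sample entries, not taken from the draft
    ClientConfig("gemini://example.org/", 2, {USAGE_RECEIVE}, 0, True),
    ClientConfig("gemini://example.org/app/", 2, {USAGE_RECEIVE, USAGE_SEND}, 1, True),
    ClientConfig("gemini://example.org/app/login", 1, {USAGE_RECEIVE}, 2, True),
    ClientConfig("gemini://example.org/app/login", 0, {USAGE_RECEIVE}, 3, False),
]
```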