Sharing Trust Policy between Crypto Libraries

Stef Walter stefw at redhat.com
Thu Jan 3 13:47:18 PST 2013


On 01/03/2013 09:45 PM, Nikos Mavrogiannopoulos wrote:
> On Thu, Jan 3, 2013 at 9:02 PM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
> 
>> Attached is a patch full of what I think are pretty uncontroversial
>> nitpicks based on the current published HEAD.
> 
> One small patch also to allow for a subjectpublickeyinfo structure
> instead of a full certificate.

In principle I agree with this change. But don't you think it needs more
explanation than just that one fix?

Just to recap, the concept of stapled certificate extensions would be
extended to be able to staple certificate extensions to raw public keys.
Nikos brought this up in another discussion.

So there would be updates to various parts of the document for that,
including the ASN.1 and PKCS#11 sections. I'd also like to get a better
understanding of these (new) protocols [1] and how the raw public keys
are used together with trust policy.

Cheers,

Stef

[1] like http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-06



