Sharing Trust Policy between Crypto Libraries

Stef Walter stefw at
Thu Jan 3 13:47:18 PST 2013

On 01/03/2013 09:45 PM, Nikos Mavrogiannopoulos wrote:
> On Thu, Jan 3, 2013 at 9:02 PM, Daniel Kahn Gillmor
> <dkg at> wrote:
>> Attached is a patch full of what i think are pretty uncontroversial
>> nitpicks based on the current published HEAD.
> One small patch also to allow for a subjectpublickeyinfo structure
> instead of a full certificate.

In principle I agree with this change. But don't you think it needs more
explanation than just that one fix?

Just to recap, the concept of stapled certificate extensions would be
extended to be able to staple certificate extensions to raw public keys.
Nikos brought this up in another discussion.

So there would be updates to various parts of the document for that,
including the ASN.1 and PKCS#11 sections. I'd also like to get a better
understanding of these (new) protocols [1] and how the raw public keys
are used together with trust policy.



[1] like

More information about the p11-glue mailing list