stapling extensions to public keys instead of certificates? [was: Re: Sharing Trust Policy between Crypto Libraries]
Simo Sorce
simo at redhat.com
Fri Jan 4 07:12:15 PST 2013
On Thu, 2013-01-03 at 23:28 +0100, Stef Walter wrote:
> Which raises the question (for me at least):
>
> If it makes sense to store trust policy associated the public key *of*
> a certificate instead of the certificate itself (see question above),
> then should stapled certificate extensions should always be associated
> with a given public key, and never with a certificate directly?
>
> Obviously this depends on the earlier questions.
Why would it make any sense to store trust policies associated to a key
rather than the cert ? Sorry if I haven't seen the rationale, feel free
to point me at anywhere where it is explained.
If there isn't a good reason I would think it makes little sense.
--
Simo Sorce * Red Hat, Inc * New York
More information about the p11-glue
mailing list