Sharing Trust Policy between Crypto Libraries

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Fri Jan 4 15:11:06 PST 2013

On 01/03/2013 10:47 PM, Stef Walter wrote:

> On 01/03/2013 09:45 PM, Nikos Mavrogiannopoulos wrote:
>> On Thu, Jan 3, 2013 at 9:02 PM, Daniel Kahn Gillmor
>> <dkg at> wrote:
>>> Attached is a patch full of what i think are pretty uncontroversial
>>> nitpicks based on the current published HEAD.
>> One small patch also to allow for a subjectpublickeyinfo structure
>> instead of a full certificate.
> In principle I agree with this change. But don't you think it needs more
> explanation than just that one fix?

Indeed. The information in my previous mails applies. Unfortunately I'm
extremely busy at that time. I hope I'll find some time to polish it up.

> So there would be updates to various parts of the document for that,
> including the ASN.1 and PKCS#11 sections. I'd also like to get a better
> understanding of these (new) protocols [1] and how the raw public keys
> are used together with trust policy.
> [1] like

That's no new protocol actually. It just allows TLS to use a raw public
key instead of a certificate. That way one avoids using self-signed
certificates that contain nonsense and uses the raw keys where applicable.
That's only a proposal; whether it is ever adopted I don't know.

