Sharing Trust Policy between Crypto Libraries

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Jan 4 15:11:06 PST 2013


On 01/03/2013 10:47 PM, Stef Walter wrote:

> On 01/03/2013 09:45 PM, Nikos Mavrogiannopoulos wrote:
>> On Thu, Jan 3, 2013 at 9:02 PM, Daniel Kahn Gillmor
>> <dkg at fifthhorseman.net> wrote:
>>
>>> Attached is a patch full of what i think are pretty uncontroversial
>>> nitpicks based on the current published HEAD.
>>
>> One small patch also to allow for a subjectpublickeyinfo structure
>> instead of a full certificate.
> 
> In principle I agree with this change. But don't you think it needs more
> explanation than just that one fix?


Indeed. The information in my previous mails applies. Unfortunately I'm
extremely busy at this time. I hope I'll find some time to polish it up.

> So there would be updates to various parts of the document for that,
> including the ASN.1 and PKCS#11 sections. I'd also like to get a better
> understanding of these (new) protocols [1] and how the raw public keys
> are used together with trust policy.
> [1] like http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-06


That's not a new protocol, actually. It just allows TLS to use a raw public
key instead of a certificate. That way one avoids using self-signed
certificates that contain nonsense and uses the raw keys where applicable.
That's only a proposal; whether it is ever adopted I don't know.

regards,
Nikos
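As an added illustration of the point above, not code from this thread or from p11-glue: a trust policy keyed on the SubjectPublicKeyInfo can accept either a full certificate or a bare SPKI (the structure a raw-public-key TLS peer would present) and derive the same identifier from both. The minimal DER walker below, the sample SPKI and the skeletal certificate wrapping it are all constructed here; the EC point bytes are filler, not a real key.

```python
import hashlib

def _tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(content):
    """Split a constructed element's content into (tag, value, raw TLV) tuples."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, nxt = _tlv(content, pos)
        out.append((tag, val, content[pos:nxt]))
        pos = nxt
    return out

def extract_spki(der):
    """Return the DER SubjectPublicKeyInfo from a bare SPKI or from an X.509 Certificate."""
    tag, body, _ = _tlv(der)
    if tag != 0x30 or _tlv(body)[0] != 0x30:
        raise ValueError("neither Certificate nor SubjectPublicKeyInfo")
    first = _tlv(body)[1]
    if _tlv(first)[0] == 0x06:              # AlgorithmIdentifier starts with an OID: bare SPKI
        return der
    fields = _children(first)               # otherwise `first` is TBSCertificate
    if fields[0][0] == 0xA0:                # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[5][2]                     # serial, signature, issuer, validity, subject, SPKI

def spki_pin(der):
    """SHA-256 of the DER SPKI: one value whether a cert or a raw key was presented."""
    return hashlib.sha256(extract_spki(der)).hexdigest()

def _der(tag, content):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

# Constructed sample: an EC P-256 SPKI (point bytes are filler, not a real key) and a
# skeletal certificate wrapping it.  Only the field layout matters to the parser.
ALG = _der(0x30, bytes.fromhex("06072a8648ce3d0201") + bytes.fromhex("06082a8648ce3d030107"))
SAMPLE_SPKI = _der(0x30, ALG + _der(0x03, b"\x00\x04" + bytes(range(64))))
TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + ALG
           + _der(0x30, b"") + _der(0x30, b"") + _der(0x30, b"") + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, TBS + ALG + _der(0x03, b"\x00" + bytes(8)))
```

The certificate is deliberately long enough to exercise the long-form DER length, so a policy store keyed on `spki_pin()` sees the identical value for the certificate and for the raw key.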
