comparison with other stored security state mechanisms [was: Re: Sharing Trust Policy between Crypto Libraries]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 16 13:06:59 PST 2013


On 01/16/2013 09:27 AM, Stef Walter wrote:
> Well the Firefox UI uses the term 'Security Exception'. We might
> choose to call it a 'Certificate Exception'.

You mean in regards to the RFC 6125 meaning of "pinning", right?

That's certainly better than "pinning", and i suppose it makes sense
that it is an "exception" to the standard policy of "treat all
certificates invalid unless certified by a (chain to a) trusted authority."

I could imagine other possible exceptions that refer to certificates
too, though.  i'm sorry i don't have any better terminology suggestions
right now, but i think "Certificate exception" is definitely a step in
the right direction.

	--dkg
