comparison with other stored security state mechanisms [was: Re: Sharing Trust Policy between Crypto Libraries]

Daniel Kahn Gillmor dkg at
Wed Jan 16 13:06:59 PST 2013

On 01/16/2013 09:27 AM, Stef Walter wrote:
> Well the Firefox UI uses the term 'Security Exception'. We might
> choose to call it a 'Certificate Exception'.

You mean in regards to the RFC 6125 meaning of "pinning", right?

That's certainly better than "pinning", and i suppose it makes sense
that it is an "exception" to the standard policy of "treat all
certificates invalid unless certified by a (chain to a) trusted authority."

I could imagine other possible exceptions that refer to certificates
too, though.  i'm sorry i don't have any better terminology suggestions
right now, but i think "Certificate exception" is definitely a step in
the right direction.



More information about the p11-glue mailing list