comparison with other stored security state mechanisms [was: Re: Sharing Trust Policy between Crypto Libraries]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 16 13:06:59 PST 2013
On 01/16/2013 09:27 AM, Stef Walter wrote:
> Well the Firefox UI uses the term 'Security Exception'. We might
> choose to call it a 'Certificate Exception'.
You mean in regards to the RFC 6125 meaning of "pinning", right?
That's certainly better than "pinning", and i suppose it makes sense
that it is an "exception" to the standard policy of "treat all
certificates invalid unless certified by a (chain to a) trusted authority."
I could imagine other possible exceptions that refer to certificates
too, though. i'm sorry i don't have any better terminology suggestions
right now, but i think "Certificate exception" is definitely a step in
the right direction.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1027 bytes
Desc: OpenPGP digital signature
More information about the p11-glue