Defining header for stapled certificate extensions
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Sep 9 07:49:59 PDT 2014
On 09/09/2014 06:56 AM, Stef Walter wrote:
> I'm working on defining an installed p11-kit header for stapled
> certificate extensions:

just a note about terminology:

you may not want to use the term "stapled" in this context, since it
collides with a much more common use of the term "stapled" w.r.t. X.509
certificates, which is "OCSP stapling" and the associated "must staple"

I could imagine deciding that a given certificate should only be
considered valid in a context with a stapled OCSP response. To
implement that in the framework you've proposed would result in a
stapled "must staple" extension. confusing!

if the term "stapled" isn't yet baked in, would you consider other
terms, like "associated extensions" or "extra extensions"?

the concepts are already complex as it is; if we want software
developers to understand the tools we're offering them, we should try to
avoid any unnecessary confusion where possible.