Defining header for stapled certificate extensions
stef at thewalter.net
Tue Sep 9 22:44:26 PDT 2014
On 09.09.2014 16:49, Daniel Kahn Gillmor wrote:
> On 09/09/2014 06:56 AM, Stef Walter wrote:
>> I'm working on defining an installed p11-kit header for stapled
>> certificate extensions:
> just a note about terminology:
> you may not want to use the term "stapled" in this context, since
> it collides with a much more common use of the term "stapled"
> w.r.t. X.509 certificates, which is "OCSP stapling" and the
> associated "must staple" X.509 extension.
> I could imagine deciding that a given certificate should only be
> considered valid in a context with a stapled OCSP response. To
> implement that in the framework you've proposed would result in a
> stapled "must staple" extension. confusing!
> if the term "stapled" isn't yet baked in, would you consider other
> terms, like "associated extensions" or "extra extensions"?
> the concepts are already complex as it is; if we want software
> developers to understand the tools we're offering them, we should
> try to avoid any unnecessary confusion where possible.
Interesting, and a good point. How about "attached extensions"?