Defining header for stapled certificate extensions
Stef Walter
stef at thewalter.net
Tue Sep 9 22:44:26 PDT 2014
On 09.09.2014 16:49, Daniel Kahn Gillmor wrote:
> On 09/09/2014 06:56 AM, Stef Walter wrote:
>> I'm working on defining an installed p11-kit header for stapled
>> certificate extensions:
>>
>> https://bugs.freedesktop.org/show_bug.cgi?id=83495
>
> just a note about terminology:
>
> you may not want to use the term "stapled" in this context, since
> it collides with a much more common use of the term "stapled"
> w.r.t. X.509 certificates, which is "OCSP stapling" and the
> associated "must staple" X.509 extension.
>
> I could imagine deciding that a given certificate should only be
> considered valid in a context with a stapled OCSP response. To
> implement that in the framework you've proposed would result in a
> stapled "must staple" extension. confusing!
>
> if the term "stapled" isn't yet baked in, would you consider other
> terms, like "associated extensions" or "extra extensions"?
>
> the concepts are already complex as it is; if we want software
> developers to understand the tools we're offering them, we should
> try to avoid any unnecessary confusion where possible.
Interesting, and a good point. How about "attached extensions"?
Cheers,
Stef