diff options
author | Stef Walter <stef@thewalter.net> | 2010-12-12 15:01:51 +0000 |
---|---|---|
committer | Stef Walter <stefw@collabora.co.uk> | 2013-01-02 09:04:08 +0100 |
commit | 1cc314483b647112c17ecf928c38d1450444a7da (patch) | |
tree | 875e4a28cc6f2ba88a590994bd0d9752849a3b35 | |
parent | e69041035c1df1eb3f1286217dbacf018bd4fd6a (diff) |
Add justification about CKA_TRUSTED.
-rw-r--r-- | specs/trust-assertions.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/specs/trust-assertions.xml b/specs/trust-assertions.xml index b8cba93..8def7d8 100644 --- a/specs/trust-assertions.xml +++ b/specs/trust-assertions.xml @@ -608,6 +608,20 @@ hash thereof.</para> </section> + <section> + <title>How is this related to CKA_TRUSTED?</title> + + <para>Later versions of the PKCS#11 spec contain an attribute called <literal>CKA_TRUSTED</literal>. + This attribute can be set on public keys, secret keys, and certificates by an application + as a flag indicating trust in some form. <literal>CKA_TRUSTED</literal> can be used as a + crude form of marking which certificates can be used as a certificate authority trust + anchor.</para> + + <para>We see this specification as complementary to <literal>CKA_TRUSTED</literal>. This specification + defines a fine grained method for representing all sorts of positive and negative trust + assertions, and not just anchored certificates.</para> + </section> + </section> </article> |