author Stef Walter <stefw@redhat.com> 2013-06-26 10:06:00 +0200
committer Stef Walter <stefw@redhat.com> 2013-06-26 10:06:00 +0200
commit 789329de32859d2b230b5c912c4a25e9a1d4104b
tree e3156c5ca9866196edc4c57554652513398ced84
parent a435786252ef43880339c4a48d172a168a02613b
Define behavior when a key/certificate is both an anchor and blacklisted
-rw-r--r-- specs/storing-trust-model.xml 7
1 files changed, 7 insertions, 0 deletions
diff --git a/specs/storing-trust-model.xml b/specs/storing-trust-model.xml
index e82c217..ba4537a 100644
--- a/specs/storing-trust-model.xml
+++ b/specs/storing-trust-model.xml
@@ -477,6 +477,13 @@
results against a store, it should not continue to on to lower priority stores.
In this way items in higher priority stores override information in lower
priority stores.</para>
+
+ <para>If a public key or certificate is both in the set of anchors and the
+ blacklist set, then the caller should treat it as black listed. This means that both
+ the anchors and blacklist sets in a given store should be consulted when
+ validating certificates or keys. However again, as noted above, once a store
+ returns results for a key, stores with a lower priority should not be consulted
+ for trust information about that key.</para>
</sect2>
</sect1>
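Review bot: The added paragraph defines precedence only within a single store, and its last sentence leaves the cross-store case implicit. If a higher priority store lists a key as an anchor and a lower priority store blacklists it, the lower store is never consulted, so that blacklist entry has no effect. This follows from the text, but it is the case an implementer is most likely to get wrong, so it deserves one explicit sentence stating that a blacklist entry overrides anchors only in the same store or in lower priority stores. Separately, "black listed" in "the caller should treat it as black listed" is inconsistent with "blacklist" used twice in the same paragraph; "blacklisted" would match. "However again, as noted above" can be shortened to "As noted above".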