-rw-r--r-- | specs/sharing-trust-policy.xml | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/specs/sharing-trust-policy.xml b/specs/sharing-trust-policy.xml index 5bc3d9a..57bdcbb 100644 --- a/specs/sharing-trust-policy.xml +++ b/specs/sharing-trust-policy.xml @@ -50,7 +50,7 @@ coherent and future-proof manner. In addition to be an extensible concept, is relatively easy to implement and retrofit into existing code.</para> - <para>We are dealing here with the anchor other trust information used by a + <para>We are dealing here with the anchor of other trust information used by a validation algorithm that lives inside of a crypto library. This can be viewed as part of the input to the certificate validation algorithms. We are not dealing with the validation algorithms themselves. These are @@ -115,8 +115,8 @@ certificate extension included in it.</para> <para>But it very often occurs that trust policy included in certificate itself - is not enough. System builders, administrators, and others and wish to - override or adjust the trust policy that for a given certificate authority + is not enough. System builders, administrators, and others wish to + override or adjust the trust policy for a given certificate authority especially when used as an anchor. This overridden out-of-band trust policy is not included in the certificate.</para> @@ -373,7 +373,7 @@ CertAux ::= SEQUENCE { <listitem><para>This format has OpenSSL implementation specific traits. The PEM contents are the concatenation of two DER structures, and though trivially parseable with the OpenSSL DER parser, it - is awkward to parse especially when using a other and/or strict + is awkward to parse especially when using other and/or strict DER parsers.</para></listitem> </itemizedlist> </sect3> 
@@ -391,7 +391,7 @@ CertAux ::= SEQUENCE { <title>Deficiencies</title> <para>Although claiming to solve the problem of out-of-band trust policy - in a general way, closure inspection and application to the + in a general way, closer inspection and application to the real world exposed the following problems:</para> <itemizedlist> @@ -463,7 +463,7 @@ CertAux ::= SEQUENCE { certificate extensions are internal to the certificate, and are signed by the key holder of the certificate.</para> - <para>By adding additional certificate outside the X.509 certificate we can + <para>By adding additional certificate extensions outside the X.509 certificate we can represent out-of-band trust policy, as defined by a system builder, administrator or user.</para> @@ -644,7 +644,7 @@ StoredParameters ::= SEQUENCE { object model, by defining a few extra attributes.</para> <para>To make it clear which attributes are defined here and which are standard, - all new attributes and values the letters <literal>_X_</literal>. Once + all new attributes and values are prefixed by the letters <literal>_X_</literal>. Once standardized they would lose this tag.</para> <para>The standard CKA_TRUSTED boolean attribute is used on an object with the |
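Review bot: in the `@@ -50,7 +50,7 @@` hunk, the corrected wording "the anchor of other trust information" still does not read cleanly. The next sentence calls this material "part of the input to the certificate validation algorithms", which suggests the intended phrase is "the anchors and other trust information used by a validation algorithm". Please confirm which word was actually dropped. The context line just above, "In addition to be an extensible concept, is relatively easy to implement", is missing its subject and could be fixed in the same pass.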
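Review bot: in the `@@ -463,7 +463,7 @@` hunk, the unchanged context line says certificate extensions "are signed by the key holder of the certificate". An X.509 certificate, extensions included, is signed by its issuer, and the issuer is the key holder only for a self-signed certificate. Since this paragraph sets up the contrast between in-certificate and out-of-band policy, suggest "signed by the issuer of the certificate". On the changed line, "adding additional" is redundant ("By adding certificate extensions outside the X.509 certificate" says the same), and the new line is noticeably longer than the one it replaces, so the paragraph should be re-wrapped.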
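Review bot: in the `@@ -644,7 +644,7 @@` hunk, "are prefixed by the letters `_X_`" may not be the right verb. The tag carries a leading underscore and the next paragraph names the standard attribute as CKA_TRUSTED, so the tag presumably sits after a CKA-style prefix rather than at the start of the name. If that is the case, "are marked with" or "contain" would be more accurate; either way, one full example attribute name here would make the placement unambiguous.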