diff options
| author | Stef Walter <stef@thewalter.net> | 2010-12-12 15:01:51 +0000 |
|---|---|---|
| committer | Stef Walter <stef@thewalter.net> | 2010-12-12 15:01:51 +0000 |
| commit | 7174986407a9ca5c37bb7564fcf400e315d6d17e (patch) | |
| tree | f1ec6bb001a511b9fdd175ebdaf20dac9727f79f | |
| parent | 12f0e957f8058dd7c511374273faf68feb9ff4b2 (diff) | |
Add justification about CKA_TRUSTED.
| -rw-r--r-- | trust-assertions.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/trust-assertions.xml b/trust-assertions.xml index b8cba93..8def7d8 100644 --- a/trust-assertions.xml +++ b/trust-assertions.xml @@ -608,6 +608,20 @@ hash thereof.</para> </section> + <section> + <title>How is this related to CKA_TRUSTED?</title> + + <para>Later versions of the PKCS#11 spec contain an attribute called <literal>CKA_TRUSTED</literal>. + This attribute can be set on public keys, secret keys, and certificates by an application + as a flag indicating trust in some form. <literal>CKA_TRUSTED</literal> can be used as a + crude form of marking which certificates can be used as a certificate authority trust + anchor.</para> + + <para>We see this specification as complementary to <literal>CKA_TRUSTED</literal>. This specification + defines a fine grained method for representing all sorts of positive and negative trust + assertions, and not just anchored certificates.</para> + </section> + </section> </article> |