summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@thewalter.net>2010-12-13 16:46:23 +0000
committerStef Walter <stef@thewalter.net>2010-12-13 16:46:23 +0000
commit77fff4b727b19b413bd52026ffffc9b9e011a83b (patch)
tree39d3423fba97bdac38d0ad69ab2194ea888369f1
parent7174986407a9ca5c37bb7564fcf400e315d6d17e (diff)
Use word 'distrust' instead of 'untrust'.
Much better representation of what we mean, because 'untrust' can mean lack of trust as well as something you won't trust.
-rw-r--r--trust-assertions.xml30
1 files changed, 15 insertions, 15 deletions
diff --git a/trust-assertions.xml b/trust-assertions.xml
index 8def7d8..fcb1623 100644
--- a/trust-assertions.xml
+++ b/trust-assertions.xml
@@ -69,9 +69,9 @@
<variablelist>
<varlistentry>
- <term>Untrusted</term>
+ <term>Distrusted</term>
<listitem><para>The trust assertion marks the subject as explicitly
- untrusted. This overrides other trust.</para></listitem>
+ distrusted. This overrides other trust.</para></listitem>
</varlistentry>
<varlistentry>
<term>Trusted</term>
@@ -95,7 +95,7 @@
<para>Trust assertions that falsify trust can be called <emphasis>negative trust
assertions</emphasis>. These trust assertions tear down trust in a subject. They
assume the subject is already trusted, and want to revoke or falsify
- that trust. These have a level of trust of <emphasis>untrusted</emphasis>.
+ that trust. These have a level of trust of <emphasis>distrusted</emphasis>.
Examples of this kind of trust assertion are certificate revocation lists.</para>
<para>Negative trust assertions always override positive trust assertions.</para>
@@ -273,9 +273,9 @@
explicit trust in a certificate.</entry>
</row>
<row>
- <entry><literal>CKT_X_UNTRUSTED_CERTIFICATE</literal></entry>
+ <entry><literal>CKT_X_DISTRUSTED_CERTIFICATE</literal></entry>
<entry>A negative trust assertion that represents an
- explicit untrust in a certificate.</entry>
+ explicit distrust in a certificate.</entry>
</row>
</tbody>
</tgroup>
@@ -377,21 +377,21 @@
</section>
<section>
- <title>Untrusted Certificate Assertion</title>
+ <title>Distrusted Certificate Assertion</title>
- <para>An untrusted certificate is a trust assertion which signifies the explicit
+ <para>An distrusted certificate is a trust assertion which signifies the explicit
lack of trust in a certificate. An example of this is an item in a CRL
- or a certificate explicitly marked as untrusted by a user.</para>
+ or a certificate explicitly marked as distrusted by a user.</para>
<para>Because it is a negative trust assertion, the certificate is referenced by
a using the issuer and serial number of the certificate in question.</para>
<para>In addition to the following, all the
<link linkend='assertion-attributes'>general trust assertion attributes</link>
- are present on a untrusted certificate assertion.</para>
+ are present on a distrusted certificate assertion.</para>
<table>
- <title>Untrusted Certificate Assertion Attributes</title>
+ <title>Distrusted Certificate Assertion Attributes</title>
<tgroup cols="3">
<thead>
<row>
@@ -404,7 +404,7 @@
<row>
<entry><literal>CKA_X_ASSERTION_TYPE</literal></entry>
<entry><literal>CK_X_ASSERTION_TYPE</literal></entry>
- <entry><literal>CKT_X_UNTRUSTED_CERTIFICATE</literal></entry>
+ <entry><literal>CKT_X_DISTRUSTED_CERTIFICATE</literal></entry>
</row>
<row>
<entry><literal>CKA_ISSUER</literal></entry>
@@ -507,17 +507,17 @@
<listitem>
<para>Allow falsification for each certificate in the resulting
certificate chain by checking whether each certificate has
- an untrusted certificate assertion. If at any point an untrusted
+ an distrusted certificate assertion. If at any point an distrusted
assertion is found (eg: a certificate listed on a certificate
revocation list) then the certificate chain is considered invalid.</para>
- <para>To check for untrusted certificates, perform a
+ <para>To check for distrusted certificates, perform a
<literal>C_FindObject</literal> operation with the following
attributes:</para>
<programlisting>
CKA_CLASS: CKO_X_ASSERTION_TYPE
- CKA_X_ASSERTION_TYPE: CKT_X_UNTRUSTED_CERTIFICATE
+ CKA_X_ASSERTION_TYPE: CKT_X_DISTRUSTED_CERTIFICATE
CKA_X_CERTIFICATE_VALUE: <emphasis>DER encoding of certificate</emphasis>
CKA_X_PURPOSE: <emphasis>purpose string</emphasis>
</programlisting>
@@ -557,7 +557,7 @@
They simply contain serial numbers, which when combined with the issuer of the
certificate revocation list, are meant to uniquely identify a given certificate.</para>
- <para>In order to support CRLs exposed as untrusted certificate assertions (which is one
+ <para>In order to support CRLs exposed as distrusted certificate assertions (which is one
of the design goals of this specification) we must limit ourselves to this method
of referencing certificates in negative trust assertions.</para>
</section>