summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--trust-assertions.xml14
1 files changed, 14 insertions, 0 deletions
diff --git a/trust-assertions.xml b/trust-assertions.xml
index b8cba93..8def7d8 100644
--- a/trust-assertions.xml
+++ b/trust-assertions.xml
@@ -608,6 +608,20 @@
hash thereof.</para>
</section>
+ <section>
+ <title>How is this related to CKA_TRUSTED?</title>
+
+ <para>Later versions of the PKCS#11 spec contain an attribute called <literal>CKA_TRUSTED</literal>.
+ This attribute can be set on public keys, secret keys, and certificates by an application
+ as a flag indicating trust in some form. <literal>CKA_TRUSTED</literal> can be used as a
+ crude form of marking which certificates can be used as a certificate authority trust
+ anchor.</para>
+
+ <para>We see this specification as complementary to <literal>CKA_TRUSTED</literal>. This specification
+ defines a fine grained method for representing all sorts of positive and negative trust
+ assertions, and not just anchored certificates.</para>
+ </section>
+
</section>
</article>