From 0ab2f566734609d572950d9281a219c96c4b60ea Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 6 Dec 2010 08:01:48 +0000 Subject: Initial version of trust assertion docbook. --- .gitignore | 3 + Makefile | 5 +- docbook-params.xsl | 39 +++++++ html/.gitignore | 1 + trust-assertions.xml | 314 +++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 361 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 docbook-params.xsl create mode 100644 html/.gitignore create mode 100644 trust-assertions.xml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..10ada4b --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +junk +*.tmp +*.pdf diff --git a/Makefile b/Makefile index e19e697..ddaa252 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,7 @@ +all: draft-pkcs11-trust-assertions.txt html/index.html + draft-pkcs11-trust-assertions.txt: draft-pkcs11-trust-assertions.xml xml2rfc $< -all: draft-pkcs11-trust-assertions.txt +html/index.html: docbook-params.xsl trust-assertions.xml + xmlto --skip-validation -o html/ -x docbook-params.xsl xhtml trust-assertions.xml diff --git a/docbook-params.xsl b/docbook-params.xsl new file mode 100644 index 0000000..5d8591a --- /dev/null +++ b/docbook-params.xsl @@ -0,0 +1,39 @@ + + + + + + + + 3 + 0 + + book toc + part nop + chapter toc + + style.css + ansi + 1 + 0 + 1 + + diff --git a/html/.gitignore b/html/.gitignore new file mode 100644 index 0000000..2d19fc7 --- /dev/null +++ b/html/.gitignore @@ -0,0 +1 @@ +*.html diff --git a/trust-assertions.xml b/trust-assertions.xml new file mode 100644 index 0000000..2b9fd10 --- /dev/null +++ b/trust-assertions.xml @@ -0,0 +1,314 @@ + + +
+ Storing Trust Assertions in PKCS#11 Modules +
+ Introduction + PKCS#11 is a useful and widely supported standard for storage and use + of keys and certificates. It is often used with smart cards. + + XXX +
+ +
+ Trust Assertions + A trust assertion describes a level of trust in a certain subject for a + given purpose. Conceptually each trust assertion is a triple + containing the following: + + + Reference to the Subject + Purpose + Level of Trust + + + We examine each of these parts of the triple in further detail below. + +
+ Level of Trust + + XXX + + + Untrusted: Explicitly untrusted. Override other + trust. + Unknown: The trust is not known and should be + determined elsewhere. + Trusted: Explicitly trusted. Override other + trust + +
+ +
+ Purpose + + A trust assertion refers to a specific purpose or usage. A + certificate may be trusted for purposes like: email, code signing, + authenticating a server. + + In addition to the usage, the purpose can contain a more specific + designation, such as the hostname of a server. + + The purpose can be a wildcard which matches any purpose. This is + especially useful for untrusted assertions. +
+ + +
+ Subject Reference + Each trust assertion contains a reference to the subject. This is the thing + that is trusted. In this specification we will deal exclusively with + certificates as the subject. However . + + There are two ways to refer to a certificate depending on whether + that certificate is being referred to as a trust root (like a certificate + authority) or referred to by another trusted certificate. + + Certificates used as trust roots are referred to by the complete DER + encoding of the certificate. + + Certificates verified by another certificate (signed as part + of a certificate chain) are referred to by the DER value of the issuer + field and the serial number. + + Referring to a trust root certificate by its issuer and serial number + is meaningless. + + Referring to a certificates signed by another certificate would preclude uses + such as certificate revocation lists. + + Therefore different methods MUST be used to refer certificates in these + different situations. +
+
+ +
+ PKCS#11 Trust Assertion Objects + + Trust assertions are stored as objects on a PKCS#11 token. Although these are + specific to a certificate, they do not need to be stored on the same token as + the certificate. Trust assertions objects are of the class CKO_G_TRUST_ASSERTION + and have the following attributes. + + + Trust root assertion + + + + Attribute + Data Type + Description + + + + + CKA_CLASS + CK_OBJECT_CLASS + CKO_G_TRUST_ASSERTION + + + CKA_G_TRUST_TYPE + CK_TRUST_TYPE + CKT_G_TRUST_ROOT + + + CKA_G_CERTIFICATE_VALUE + Byte array + DER SHA1 hash of the the DER-encoding of certificate. Required for + self-signed certificates. + + + CKA_G_PURPOSE + CK_UTF8_CHAR array + XXX + + + CKA_G_LEVEL + CK_TRUST_LEVEL + The trust level of this assertion + + + +
+ + + Trust exception assertion + + + + Attribute + Data Type + Description + + + + + CKA_CLASS + CK_OBJECT_CLASS + CKO_G_TRUST_ASSERTION + + + CKA_G_TRUST_TYPE + CK_TRUST_TYPE + CKT_G_TRUST_EXCEPTION + + + CKA_ISSUER + Byte array + DER-encoding of the certificate issuer name + + + CKA_SERIAL_NUMBER + Byte array + DER-encoding of the certificate serial number + + + CKA_G_PURPOSE + CK_UTF8_CHAR array + XXX + + + CKA_G_LEVEL + CK_TRUST_LEVEL + The trust level of this assertion + + + +
+ + + CK_TRUST_LEVEL represenst a level of trust. + + + + Value + Description + + + + + CKT_G_UNTRUSTED + Explicitly untrusted. Overrides trust determined elsewhere. + + + CKT_G_UNKNOWN + Trust is unknown and should be determined elsewhere. + + + CKT_G_TRUSTED + Explicitly trusts the certificate in the assertion. + + + +
+
+ +
+ Operations + +
+ Checking Trust Assertions + Trust assertions are checked using a PKCS#11 C_FindObjects operation. + + Because trust is involved and presence/lack of results is important, this + operation MUST be done with a specific set of lookup attributes. The + attributes used differ depending on whether the certificate is self-signed + or is signed by an issuer. + + Checking of trust assertions is always done for a specific purpose. + +
+ Checking a Trust Root + A C_FindObjects operation is done using the following attributes. + + + Values for checking a root certificate authority. + + + + Attribute + Value + + + + + CKA_CLASS + CKO_G_TRUST_ASSERTION + + + CKA_G_TRUST_TYPE + CKT_G_TRUST_ROOT + + + CKA_G_CERTIFICATE_VALUE + XXX + + + CKA_G_PURPOSE + XXX + + + CKA_G_TRUST_LEVEL + CKL_G_TRUSTED + + + +
+
+ +
+ Checking a Trust Exception + A C_FindObjects operation is done using the following attributes. + + + Values for checking a self-signed certificate. + + + + Attribute + Value + + + + + CKA_CLASS + CKO_NETSCAPE_TRUST + + + CKA_G_TRUST_TYPE + CKT_G_TRUST_EXCEPTION + + + CKA_ISSUER + XXX + + + CKA_SERIAL_NUMBER + XXX + + + CKA_G_PURPOSE + XXX + + + CKA_G_TRUST_LEVEL + CKL_G_UNTRUSTED + + + +
+
+
+
+ +
+ Acknowledgements + NSS: Who? +
+ +
+ Problems + xxxx +
+
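Review bot: in the Makefile hunk, `--skip-validation` on the new `html/index.html` rule disables DTD validation of trust-assertions.xml, so malformed DocBook is only noticed when the rendered page looks wrong; suggest dropping the flag once the document validates, and adding `.PHONY: all` so a stray file named `all` cannot satisfy the default target. Moving `all:` to the top is the right fix for the default goal, since previously `draft-pkcs11-trust-assertions.txt` was the first rule.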
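Review bot: in the docbook-params.xsl hunk, the stylesheet parameters point the generated XHTML at `style.css`, but no such file is in this commit's five-file list, so the HTML built by the new `html/index.html` rule will link to a stylesheet that does not exist in the repository; either add `style.css` in this change or leave the parameter out until it does.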
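Review bot: in the trust-assertions.xml hunk, the "Checking a Trust Root" lookup fixes `CKA_G_TRUST_LEVEL` to `CKL_G_TRUSTED`, yet the Level of Trust section says an untrusted assertion "Override[s] other trust"; a `C_FindObjects` template pinned to the trusted level can never return an explicitly untrusted assertion for that root, so the check needs either a second lookup for the untrusted level or an unconstrained level with a stated rule that an untrusted result wins. The same applies to the wildcard purpose from the Purpose section: `C_FindObjects` matches the template exactly, so an assertion stored with a wildcard purpose will not be found by a lookup with a specific purpose unless the module is required to apply wildcard matching, or the checker is told to repeat the lookup with the wildcard. Several identifiers also disagree with each other: the object tables use `CKA_G_LEVEL` with `CK_TRUST_LEVEL` values `CKT_G_*`, while the lookup tables use `CKA_G_TRUST_LEVEL` with `CKL_G_TRUSTED` / `CKL_G_UNTRUSTED`; the trust exception lookup uses `CKA_CLASS` = `CKO_NETSCAPE_TRUST` where every other table uses `CKO_G_TRUST_ASSERTION`; and its title reads "Values for checking a self-signed certificate" although the exception type is for certificates signed by an issuer. `CKA_G_CERTIFICATE_VALUE` is described as "DER SHA1 hash of the the DER-encoding of certificate", which contradicts the Subject Reference section ("referred to by the complete DER encoding of the certificate"), so pick one and say so in both places. Minor: "However ." in Subject Reference is cut off, "represenst" should be "represents", and the `XXX` placeholders in the Introduction, Level of Trust and purpose cells should be resolved or marked as open in the Problems section before this is rendered.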