From 1ba04663d0efd044c7b44f29c1ff72daf8e53271 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 14 Dec 2010 14:50:44 +0000 Subject: Add consistent section identifiers. --- trust-assertions.xml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/trust-assertions.xml b/trust-assertions.xml index c12dd99..2535fb9 100644 --- a/trust-assertions.xml +++ b/trust-assertions.xml @@ -21,7 +21,7 @@ -
+
Introduction Trust assertions are represent bits of trust information used by an @@ -52,7 +52,7 @@ for these other subjects.
-
+
Trust Assertions A trust assertion is a generic concept. Each trust assertion describes a level @@ -129,7 +129,7 @@
-
+
PKCS#11 Trust Assertion Objects Trust assertions are stored as objects on a PKCS#11 token. Although these are @@ -154,7 +154,7 @@ lists. Therefore different methods must be used to refer to certificates in these different situations. The objects below reflect this. -
+
Common Trust Assertion Object Attributes First we describe the attributes that all trust assertion objects have in @@ -287,7 +287,7 @@
-
+
Anchored Certificate Assertion An anchored certificate is a trust assertion which is to be used with a @@ -329,7 +329,7 @@
-
+
Pinned Certificate Assertion A pinned certificate is an endpoint certificate (not an authority) which is @@ -381,7 +381,7 @@
-
+
Distrusted Certificate Assertion An distrusted certificate is a trust assertion which signifies the explicit @@ -428,10 +428,10 @@
-
+
Operations -
+
Building a Certificate Chain During TLS or other certificate verification operations, a @@ -536,12 +536,12 @@
-
+
Justifications Some answers to why this spec was designed as it is. -
+
Why use a complete certificate DER encoding for positive trust assertions? Conceivably we could use a hash of the certificate instead of the CKA_X_CERTIFICATE_VALUE. @@ -554,7 +554,7 @@ that is not dependent on the long term viability of a specific hash algorithm.
-
+
Why refer to certificates in negative trust assertions by issuer and serial number? Certificate revocation lists @@ -567,7 +567,7 @@ of referencing certificates in negative trust assertions.
-
+
Why not use NSS Trust Objects? NSS contains an implementation of storing trust information via PKCS#11. @@ -599,7 +599,7 @@
-
+
Why not use PKCS#11 URIs? The PKCS#11 URI Scheme @@ -613,7 +613,7 @@ hash thereof.
-
+
How is this related to CKA_TRUSTED? Later versions of the PKCS#11 spec contain an attribute called CKA_TRUSTED. -- cgit v1.2.3
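Review bot: the commit message does not say what naming scheme makes the identifiers "consistent", and this applies to all 15 changed lines (one ahead of each section title, from Introduction through "How is this related to CKA_TRUSTED?"). Suggest adding a body line that states the convention, and whether the identifiers are meant to stay stable as link targets, so that sections added later follow the same pattern.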
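Review bot: in the context of the first hunk (Introduction), "Trust assertions are represent bits of trust information" has a stray "are". Since the patch already touches this section's opening line, suggest fixing it here or in a follow-up: "Trust assertions represent bits of trust information".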
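Review bot: in the context of the Distrusted Certificate Assertion hunk (@@ -381,7 +381,7 @@), the section opens with "An distrusted certificate is a trust assertion", which should read "A distrusted certificate". This is the sentence that defines the term, so it is worth correcting in the same pass as the section identifier.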