From 77fff4b727b19b413bd52026ffffc9b9e011a83b Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 13 Dec 2010 16:46:23 +0000 Subject: Use word 'distrust' instead of 'untrust'. Much better representation of what we mean, because 'untrust' can mean lack of trust as well as something you won't trust. --- trust-assertions.xml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/trust-assertions.xml b/trust-assertions.xml index 8def7d8..fcb1623 100644 --- a/trust-assertions.xml +++ b/trust-assertions.xml @@ -69,9 +69,9 @@ - Untrusted + Distrusted The trust assertion marks the subject as explicitly - untrusted. This overrides other trust. + distrusted. This overrides other trust. Trusted @@ -95,7 +95,7 @@ Trust assertions that falsify trust can be called negative trust assertions. These trust assertions tear down trust in a subject. They assume the subject is already trusted, and want to revoke or falsify - that trust. These have a level of trust of untrusted. + that trust. These have a level of trust of distrusted. Examples of this kind of trust assertion are certificate revocation lists. Negative trust assertions always override positive trust assertions. @@ -273,9 +273,9 @@ explicit trust in a certificate. - CKT_X_UNTRUSTED_CERTIFICATE + CKT_X_DISTRUSTED_CERTIFICATE A negative trust assertion that represents an - explicit untrust in a certificate. + explicit distrust in a certificate. @@ -377,21 +377,21 @@
- Untrusted Certificate Assertion + Distrusted Certificate Assertion - An untrusted certificate is a trust assertion which signifies the explicit + An distrusted certificate is a trust assertion which signifies the explicit lack of trust in a certificate. An example of this is an item in a CRL - or a certificate explicitly marked as untrusted by a user. + or a certificate explicitly marked as distrusted by a user. Because it is a negative trust assertion, the certificate is referenced by a using the issuer and serial number of the certificate in question. In addition to the following, all the general trust assertion attributes - are present on a untrusted certificate assertion. + are present on a distrusted certificate assertion. - Untrusted Certificate Assertion Attributes + Distrusted Certificate Assertion Attributes @@ -404,7 +404,7 @@ CKA_X_ASSERTION_TYPE CK_X_ASSERTION_TYPE - CKT_X_UNTRUSTED_CERTIFICATE + CKT_X_DISTRUSTED_CERTIFICATE CKA_ISSUER @@ -507,17 +507,17 @@ Allow falsification for each certificate in the resulting certificate chain by checking whether each certificate has - an untrusted certificate assertion. If at any point an untrusted + an distrusted certificate assertion. If at any point an distrusted assertion is found (eg: a certificate listed on a certificate revocation list) then the certificate chain is considered invalid. - To check for untrusted certificates, perform a + To check for distrusted certificates, perform a C_FindObject operation with the following attributes: CKA_CLASS: CKO_X_ASSERTION_TYPE - CKA_X_ASSERTION_TYPE: CKT_X_UNTRUSTED_CERTIFICATE + CKA_X_ASSERTION_TYPE: CKT_X_DISTRUSTED_CERTIFICATE CKA_X_CERTIFICATE_VALUE: DER encoding of certificate CKA_X_PURPOSE: purpose string @@ -557,7 +557,7 @@ They simply contain serial numbers, which when combined with the issuer of the certificate revocation list, are meant to uniquely identify a given certificate. - In order to support CRLs exposed as untrusted certificate assertions (which is one + In order to support CRLs exposed as distrusted certificate assertions (which is one of the design goals of this specification) we must limit ourselves to this method of referencing certificates in negative trust assertions. -- cgit v1.2.3