From ef5d6050fdbbd9e59e59b5de798a9e580ada137f Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 14 Dec 2010 15:07:58 +0000 Subject: Remove IPsec predefined values, and add purpose clarification. --- trust-assertions.xml | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/trust-assertions.xml b/trust-assertions.xml index fdfddf4..9450b8c 100644 --- a/trust-assertions.xml +++ b/trust-assertions.xml @@ -205,10 +205,13 @@ The CKA_X_PURPOSE attribute contains a string which represents the purpose of the trust assertion. These are generally OIDs. The following predefined values match those of the - Extended Key Usage X.509 extension. + Extended Key Usage X.509 extension. Other values may be used when interoperability of the trust assertion between multiple applications is not required. + Applications should ignore trust assertions whose CKA_X_PURPOSE attribute + they do not understand. They should not treat them as negative assertions. + Predefined Purposes @@ -235,18 +238,6 @@ 1.3.6.1.5.5.7.3.4 Email Protection - - 1.3.6.1.5.5.7.3.5 - IPsec Endpoint - - - 1.3.6.1.5.5.7.3.6 - IPsec Tunnel - - - 1.3.6.1.5.5.7.3.7 - IPsec User - 1.3.6.1.5.5.7.3.8 Time Stamping -- cgit v1.2.3