From ef5d6050fdbbd9e59e59b5de798a9e580ada137f Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@thewalter.net>
Date: Tue, 14 Dec 2010 15:07:58 +0000
Subject: Remove IPsec predefined values, and add purpose clarification.

---
 trust-assertions.xml | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/trust-assertions.xml b/trust-assertions.xml
index fdfddf4..9450b8c 100644
--- a/trust-assertions.xml
+++ b/trust-assertions.xml
@@ -205,10 +205,13 @@
 			<para>The <literal>CKA_X_PURPOSE</literal> attribute contains a string which represents
 				the <link linkend='trust-purpose'>purpose of the trust assertion</link>. These are
 				generally OIDs. The following predefined values match those of the
-				<ulink url='http://www.ietf.org/rfc/rfc2459.txt'>Extended Key Usage X.509 extension</ulink>.
+				<ulink url='http://www.ietf.org/rfc/rfc5280.txt'>Extended Key Usage X.509 extension</ulink>.
 				Other values may be used when interoperability of the trust assertion between multiple
 				applications is not required.</para>
 
+			<para>Applications should ignore trust assertions whose <literal>CKA_X_PURPOSE</literal> attribute
+				they do not understand. They should not treat them as negative assertions.</para>
+
 			<table id='defined-purposes'>
 				<title>Predefined Purposes</title>
 				<tgroup cols="2">
@@ -235,18 +238,6 @@
 							<entry><literal>1.3.6.1.5.5.7.3.4</literal></entry>
 							<entry>Email Protection</entry>
 						</row>
-						<row>
-							<entry><literal>1.3.6.1.5.5.7.3.5</literal></entry>
-							<entry>IPsec Endpoint</entry>
-						</row>
-						<row>
-							<entry><literal>1.3.6.1.5.5.7.3.6</literal></entry>
-							<entry>IPsec Tunnel</entry>
-						</row>
-						<row>
-							<entry><literal>1.3.6.1.5.5.7.3.7</literal></entry>
-							<entry>IPsec User</entry>
-						</row>
 						<row>
 							<entry><literal>1.3.6.1.5.5.7.3.8</literal></entry>
 							<entry>Time Stamping</entry>
-- 
cgit v1.2.3