RE: [pkcs11] Groups - Trust objects uploaded

[Michael Markowitz <markowitz@infoseccorp.com>]

My attempt to improve this is attached with tracked changes, comments and questions. Biggest omission in my mind is a clear statement about how exactly trust objects are to be matched with certs… clearly 1) issuer/serial number or 2) hash (or both) would suffice, but I don’t see an explicit statement to the effect that “1 or 2 is required” to actually make the object useful. I think match should be defined and then used in step 1 of the typical application flow.

 

-mjm

 

 

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Robert Relyea
Sent: Wednesday, August 10, 2022 3:10 PM
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] Groups - Trust objects uploaded

 

Submitter's message
First cut at trust objects. document includes notes on how the current private trust objects are used in NSS and differences between those trust object and the proposed spect.
-- Mr. Robert Relyea

Document Name: Trust objects

---

Description
First cut at trust objects. document includes notes on how the current
private trust objects are used in NSS and differences between those trust
object and the proposed spect.
Download Latest Revision
Public Download Link

---

Submitter: Mr. Robert Relyea
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2022-08-10 15:10:10

 

Attachment: pkcs11_trust_object.docx
Description: pkcs11_trust_object.docx