[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] Groups - Trust objects uploaded
Sorry… yeah, I too apparently pulled the doc from a stale wiki link. Back to the drawing table… -mjm From: JOHNSON Darren <darren.johnson@thalesgroup.com>
Hi, this latest upload appears to be based on the older version of the proposal, not the latest one. It has the older CKA_ISSUER, and possibly other older content. DJ From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
On Behalf Of Robert Relyea On 2/15/23 8:53 AM, Michael Markowitz wrote:
Thanks Michael. Both have to match. issuer/serial number is used to look up the trust object, the hash verifies that the trust object applies to the cert. This is necessary because someone could create a bogus root cert that matches the issuer/seriall number,
but not be the trusted cert. I'll look at your proposed wording. bob
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]