Subject: Re: [pkcs11] Groups - Trust objects uploaded
On 8/22/22 2:19 PM, Jonathan Schulze-Hewett wrote:
> Other comments/thoughts:
>
> * In my library I set CKA_ISSUER for CKC_X_509 certificates the same way I do for CKO_NETSCAPE_TRUST. It's the DER-encoding of the issuer name in the certificate. Are they really different here?

No, there isn't a difference. CKA_ISSUER for CKC_X_509 is the same as CKA_ISSUER for CKO_TRUST.

> * Should CKA_HASH_OF_CERTIFICATE's meaning entry just say "Hash of the certificate (default empty)." and not mention SHA-1?

If it's not supplied in the template, then it has to default to empty. Of course if it's empty only CKT_NOT_TRUSTED and CKT_TRUST_UNKNOWN are valid. (The token doesn't necessarily have the certificate to fill it in).

> * CKA_NAME_HASH_ALGORITHM's meaning should include CKA_HASH_OF_CERTIFICATE.

Yes, and if it's empty we can default it to SHA-1. These two attributes are different than what NSS does today, which is supply an SHA-1 hash and an MD5 hash.

> * Does CKA_TOKEN need to be true or can it be false?

Good point, I think in NSS it's always true, but you could have a session Trust object to supply temporary trust for a while.

> * The footnotes should correspond to table 11 rather than being separately defined.

I was following another example, which had separate footnotes, but I'm OK with merging in the Trust object footnote and using table 11.

> * CKT_TRUSTED_DELEGATOR might be better as CKT_TRUST_ANCHOR.

I'm OK with that naming (CKT_TRUSTED_DELEGATOR is just what the current NSS code calls it).
> Sincerely, Jonathan
>
> From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Robert Relyea
> Sent: Wednesday, August 10, 2022 5:10 PM
> To: pkcs11@lists.oasis-open.org
> Subject: [EXT][pkcs11] Groups - Trust objects uploaded
>
> Submitter's message
> First cut at trust objects. Document includes notes on how the current private trust objects are used in NSS and differences between those trust objects and the proposed spec.
> -- Mr. Robert Relyea
>
> Document Name: Trust objects <https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?document_id=70256>
> Download Latest Revision <https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/70256/latest/pkcs11_trust_object.docx>
> Public Download Link <https://www.oasis-open.org/committees/document.php?document_id=70256&wg_abbrev=pkcs11>
>
> Submitter: Mr. Robert Relyea
> Group: OASIS PKCS 11 TC
> Folder: Working Drafts
> Date submitted: 2022-08-10 15:10:10