(parent: 7dcce2c)
Add data for trust anchor ID card
author Sam Hartman <hartmans@debian.org> Mon, 27 Jun 2011 23:54:39 +0000 (19:54 -0400)
committer Sam Hartman <hartmans@debian.org> Mon, 27 Jun 2011 23:54:39 +0000 (19:54 -0400)
design/trust-anchor.mdwn
diff --git
a/design/trust-anchor.mdwn
b/design/trust-anchor.mdwn
index
d2dfdf2
..
ed0a74d
100644
(file)
--- a/
design/trust-anchor.mdwn
+++ b/
design/trust-anchor.mdwn
@@
-68,6
+68,15
@@
very consistent on this point.
* Storing a certificate hash tends to create operational complexity if
there is not an update mechanism when servers need to rekey
* Storing a certificate hash tends to create operational complexity if
there is not an update mechanism when servers need to rekey
+## What needs to represent a trust anchor on an ID card
+
+* An optional base64-encoded CA certificate (a relatively long base64 string)
+* An optional subject name constraint (string)
+* An optional subject alternative name constraint (string)
+* An optional hash of a server certificate
+
+The server certificate hash field is mutually exclusive with the other fields.
+
## An option
## An option
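Review bot: In the new "What needs to represent a trust anchor on an ID card" section, all four fields are marked optional and the only rule given is that the server certificate hash "is mutually exclusive with the other fields", so the text does not say whether a card carrying none of the fields is valid, or whether the two name constraints are meaningful without the CA certificate. Consider stating the allowed combinations explicitly, for example either a server certificate hash alone, or a CA certificate with optional constraints. The line "An optional hash of a server certificate" also leaves the hash algorithm and the encoding unspecified, while the CA certificate line does name base64; specifying both would let independent implementations agree on the value. Since the context bullet just above the addition says a stored certificate hash creates operational complexity when servers rekey without an update mechanism, it would help to say here whether the hash field is expected to come with one. The heading might read better as "What is needed to represent a trust anchor on an ID card".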