From: Sam Hartman Date: Mon, 27 Jun 2011 23:54:39 +0000 (-0400) Subject: Add data for trust anchor ID card X-Git-Url: http://www.project-moonshot.org/gitweb/?p=devwiki.git;a=commitdiff_plain;h=65c8d66575ebfe1f1e90367923a8255c45530cd9 Add data for trust anchor ID card --- diff --git a/design/trust-anchor.mdwn b/design/trust-anchor.mdwn index d2dfdf2..ed0a74d 100644 --- a/design/trust-anchor.mdwn +++ b/design/trust-anchor.mdwn @@ -68,6 +68,15 @@ very consistent on this point. * Storing a certificate hash tends to create operational complexity if there is not an update mechanism when servers need to rekey +## What needs to represent a trust anchor on an ID card + +* An optional base64-encoded CA certificate (a relatively long base64 string) +* An optional subject name constraint (string) +* An optional subject alternative name constraint (string) +* An optional hash of a server certificate + +The server certificate hash field is mutually exclusive with the other fields. + ## An option
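Review bot: The added bullet "An optional hash of a server certificate" does not say which hash algorithm is used or how the value is encoded, whereas the CA certificate bullet does state base64; name the algorithm and encoding, or carry an algorithm identifier alongside the hash, so the field can be parsed and compared unambiguously. Since all four fields are marked optional and the hash is mutually exclusive with the other three, the section should also state whether a card with none of them set is valid, and whether a subject name or subject alternative name constraint has any meaning without the CA certificate. The context bullet just above the addition notes that storing a certificate hash creates operational complexity when servers rekey without an update mechanism; a sentence on how the ID card handles that case would close the gap. The heading would read better as "What is needed to represent a trust anchor on an ID card".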