Spec: Sharing Trust Policy
Various crypto libraries have various ways to represent and store information about which Certificate Authorities are to be used as trust anchors. They also have different ways to represent certificates that are blacklisted.
This has led to a poor experience and a lack of coherency on Linux when it comes to validating certificates.
This is an effort to define a standard way to represent trust policy, anchor certificates and black lists. These should be represented in a coherent and future-proof manner. The outlined solution, in addition to be an extensible concept, is relatively easy to implement and retrofit into existing code.
The specification document is in a state of early construction.
Contributing
- Mailing list: p11-glue@lists.freedesktop.org
- Bugs: github issue tracker