Spec: Trust Assertions

Note: Trust assertions were a conceptual way to share trust information. They have been withdrawn as a solution worth gathering around. The current discussion is directed towards Storing Trust Policy.

The following remains here for historical reference.

A trust assertion represents a single piece of information about the user's or system's trust preferences. These can be used to make consistent trust decisions.

There's a specification for how trust assertions work, and how they can be stored within PKCS#11.

NSS uses similar method of storing trust information, called Trust Objects, which were studied as part of this research. But they had too many drawbacks to make them the candidate for adoption as a 'glue' mechanism.

However implementors of trust assertions can easily support NSS-style trust objects at the same time. Gnome Keyring for example does this.


Source Repository

The source code is available via git.

$ git clone https://github.com/p11-glue/pkcs11-trust-assertions

Implementations and Integration