Re: gnome-keyring trust assertions



On 2010-12-12 07:49, Yaron Sheffer wrote:
> I know people hate to discuss terminology, but I cannot resist :-)

Heh. But this is the right place and time for it :)

> In the IETF PKIX community (e.g. http://tools.ietf.org/html/rfc5934) the
> term "trust anchor" is used, instead of the unadorned (and highly
> overloaded, etc.) "trust". So this could be "trust anchor assertions" or
> "trust anchor properties". And we would need to cringe a little less...

We could definitely use better terminology. Sadly I don't think "trust
anchor" is it. "Trust anchor" only describes part of the concept here,
since trust assertions also represent pinned certificates, and
untrusted things like certificate revocation lists.

Actually the use of the term "trust assertions" doesn't really worry me
that much. We define this term as a specific concept, and then use it
consistently. It's the other uses of the word 'trust' that make me cringe :(

> And regarding the spec: please spell "IPsec" consistently (and this is
> the common way to spell it). 

Done.

> What do you mean by the "IPsec Tunnel"
> purpose? Shouldn't it be "IPsec Gateway" instead? 

I think the actual term (in RFC 2459, it turns out) is "IPsec Tunnel".

> BTW, that is the
> canonical reference for values of the Extended Key Usage Field? Note
> that RFC 3280 has been obsoleted by RFC 5280.

I've updated the various RFC links. Thanks for pointing that out.

Uploaded a new version of the spec [1]. Thanks for taking the time to
look it over.

Cheers,

Stef

[1] http://people.collabora.co.uk/~stefw/trust-assertions.html

