On 3.3.2014 15:07, Stef Walter wrote:
On 03.03.2014 15:03, Jan Cholasta wrote:
If you plug a PKCS#11 module into p11-kit, will p11-kit use NSS trust
objects from the module?
No. This is the spec for storing trust policy in PKCS#11 that we've been
working on:
http://p11-glue.freedesktop.org/doc/storing-trust-policy/
It's a far more extensible and future proof model. The p11-kit-trust
module stores/loads these sorts of objects, and additionally also
generates NSS trust objects on the fly so that NSS can consume the
information.
It doesn't do that last bit for third party sources, but it could given
code :)
Code is not a problem :)
What would be the best way to provide trust policy to p11-kit from a
third party PKCS#11 module, if not NSS trust objects?
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
