I'm working on an internet draft describing application-level analog of
I named the proposed file format Certificate Limitation Profile.

I think that the current model of trust when only CAs can revoke the
issued by them does not fit the current situation, and we also need app-level
as browser vendors (Google, Mozilla) already do.

Currently such limitations are hard-coded into the particular software.
Being standardized, it will be possible to reuse such limitations across
various applications and avoid hard-coding.

Here is the link to the draft:

The current version of the draft (hopefully) describes necessary ASN.1
that are enough for the most practical cases. I have middle-term plans to
provide support for the draft in OpenSSL, if the idea seems interesting

Any feedback is welcome.

Thank you!

SY, Dmitry Belyavsky
