[Freeipa-devel] LDAP schema for PKCS#11

Jan Cholasta jcholast at redhat.com
Mon Mar 3 14:24:30 UTC 2014


On 3.3.2014 15:07, Stef Walter wrote:
> On 03.03.2014 15:03, Jan Cholasta wrote:
>> If you plug a PKCS#11 module into p11-kit, will p11-kit use NSS trust
>> objects from the module?
>
> No. This is the spec for storing trust policy in PKCS#11 that we've been
> working on:
>
> http://p11-glue.freedesktop.org/doc/storing-trust-policy/
>
> It's a far more extensible and future-proof model. The p11-kit-trust
> module stores/loads these sorts of objects, and additionally also
> generates NSS trust objects on the fly so that NSS can consume the
> information.
>
> It doesn't do that last bit for third-party sources, but it could given
> code :)

Code is not a problem :)

What would be the best way to provide trust policy to p11-kit from a 
third-party PKCS#11 module, if not NSS trust objects?

-- 
Jan Cholasta
