[openssl-dev] Certificate Limitation Profile

Dmitry Belyavsky beldmit at gmail.com
Mon Nov 27 16:56:00 UTC 2017


Hello,

I'm working on an internet draft describing an application-level analog
of CRLs. I named the proposed file format Certificate Limitation Profile.

I think that the current model of trust, in which only CAs can revoke
the certificates issued by them, does not fit the current situation, and
we also need app-level limitations, as browser vendors (Google, Mozilla)
already do.

Currently such limitations are hard-coded into the particular software.
If they are standardized, it will be possible to reuse such limitations
across various applications and avoid hard-coding.

Here is the link to the draft:
https://datatracker.ietf.org/doc/draft-belyavskiy-certificate-limitation-policy/

The current version of the draft (hopefully) describes the necessary
ASN.1 structures that are enough for most practical cases. I have
medium-term plans to provide support for the draft in OpenSSL, if the
idea seems interesting enough.

Any feedback is welcome.

Thank you!

-- 
SY, Dmitry Belyavsky