>>>>> "Alberto" == Alberto Ruiz <[log in to unmask]> writes:
>> An encoded set of selection rules is either a string or a list of strings depending on encoding.
>> For example if we use json, it depends on where we treat the list.
Alberto> I guess list of strings works for me. Does each selection rule need an
Alberto> id or alias?
I don't currently see a need for that.
I don't think we currently plan to manipulate that through the GUI, and
presumably whenever we update the set of rules associated with an ID
card we'll replace them all.
>> However I'm adding the following text to the trust anchor wiki page:
>>
>> ## What needs to represent a trust anchor on an ID card
>>
>> * An optional base64-encoded CA certificate (a relatively long base64 string)
>> * An optional subject name constraint (string)
>> * An optional subject alternative name constraint (string)
>> * An optional hash of a server certificate
>>
>> The server certificate hash field is mutually exclusive with the other fields.
Alberto> Do we need another field to select which method is going to be used or
Alberto> do we have a priority list for the methods and try to find the
Alberto> existing preferred one? Can it be the case that all of them are empty
Alberto> at the same time? As you mention that the CA certificate is mutually
Alberto> exclusive, does this mean that there are actually two methods and the
Alberto> latter three strings are all part of the same method?
It's reasonable to think of it as two methods.
If the hash is non-empty you're using the hash and everything else must
be empty.
Otherwise, it's a CA-based method and the hash must be empty.
It's legal for everything to be empty, but that's not a very secure
configuration.
In terms of ID cards added by a user, we will force the hash to be
empty, the CA cert to be empty and allow the user to enter one or both of
the name constraints.
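
Added example, not part of the original message or of the project's code: a validator for the two trust anchor methods and the user-added ID card restriction described in the thread. The field names (`ca_cert`, `subject`, `subject_alt`, `server_cert_hash`) and the dict representation are assumptions, and the sample values are constructed.

```python
import base64
import binascii

# Assumed field names for the four trust anchor items listed in the thread.
FIELDS = ("ca_cert", "subject", "subject_alt", "server_cert_hash")


def check_trust_anchor(anchor, user_added=False):
    """Return (method, errors, warnings) for a trust anchor given as a dict."""
    vals = {f: (anchor.get(f) or "").strip() for f in FIELDS}
    errors, warnings = [], []
    ca_side = [f for f in FIELDS[:3] if vals[f]]

    if vals["server_cert_hash"]:
        # Hash method: every CA-method field must be empty.
        method = "hash"
        if ca_side:
            errors.append("hash set, so must be empty: " + ", ".join(ca_side))
    else:
        # CA-based method: the hash is empty by construction of this branch.
        method = "ca"
        if vals["ca_cert"]:
            try:
                # Drop line breaks, then reject anything outside the base64 alphabet.
                base64.b64decode("".join(vals["ca_cert"].split()), validate=True)
            except (binascii.Error, ValueError):
                errors.append("ca_cert is not valid base64")
        if not ca_side:
            warnings.append("all fields empty: legal but not a secure configuration")

    if user_added:
        # User-added cards: hash and CA cert forced empty, a name constraint required.
        for f in ("server_cert_hash", "ca_cert"):
            if vals[f]:
                errors.append(f + " must be empty on a user-added ID card")
        if not (vals["subject"] or vals["subject_alt"]):
            errors.append("user-added ID card needs at least one name constraint")
    return method, errors, warnings


if __name__ == "__main__":
    # Constructed sample: hash combined with a name constraint is rejected.
    print(check_trust_anchor({"server_cert_hash": "ab12", "subject": "idp.example.org"}))
    # Constructed sample: user-added card with only a name constraint is accepted.
    print(check_trust_anchor({"subject_alt": "idp.example.org"}, user_added=True))
```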