[Security-devroom] How to Store Trust: Assertions

Stef Walter stefw at collabora.co.uk
Thu Dec 9 18:40:54 CET 2010

Stef Walter -- stefw at collabora.co.uk

Collabora Ltd, GNOME

Maintainer of GNOME Keyring, and has been involved in a large number of
security projects both in the open source community and otherwise.
Demystifying crypto and security for users and allowing simple but
powerful uses of security technologies is of special interest.

Talk Duration: 30 minutes

Talk: How to Store Trust: Assertions

In order to provide a usable foundation for crypto on the desktop, the
various crypto libraries need a way of accessing common information
about the user's preferences with regard to certificates and 'trust'.

"Trust Assertions" provide a way to represent certificate authority
anchors, 'pinned' certificate exceptions, revocation lists, and other
bits of trust information. A common method of accessing this information
is missing from the open source desktop.

We will show how we can make this information available through PKCS#11,
so the user's applications (regardless of crypto library) can act
consistently when making trust decisions.

We'll present one solution, but more importantly: kick start progress in
this area and discuss how we can move forward together.

More information about the Security-devroom mailing list