To provide a usable foundation for crypto on the desktop, the various crypto libraries need a way of accessing common information about the user's preferences with regard to certificates and 'trust'. "Trust Assertions" provide a way to represent certificate authority anchors, 'pinned' certificate exceptions, revocation lists, and other bits of trust information. A common method of accessing this information is missing from the open source desktop. We will show how we can make this information available through PKCS#11, so the user's applications (regardless of crypto library) can act consistently when making trust decisions. We'll present one solution but, more importantly, we want to kick-start progress in this area and discuss how we can move forward together.