Versions Compared

Old Version 16

changes.mady.by.user Former user

Saved on

compared with

New Version 17

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Four types of trust engine are available by default, these are distinguished by the type="" attribute.

TypeDescription

ExplicitKey

Extracts keys to trust directly from the metadata of the peer.

PKIX

Extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, but also extracts sets of trust anchors from a special metadata extension and then applies path validation to candidate certificates.
Static PKIX

StaticPKIX

Extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, and then applies path validation to candidate certificates based on a static list of trust anchors.

The difference from the previous engine is that the list of anchors is fixed and does not vary based on whose credentials are being examined.

...