...
Four types of trust engine are available by default; these are distinguished by the type=""
attribute.
Type | Description |
---|---|
ExplicitKey | Extracts keys to trust directly from the metadata of the peer. |
PKIX | Extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, but also extracts sets of trust anchors from a special metadata extension and then applies path validation to candidate certificates. |
Static PKIX | Extracts key identifiers (i.e. certificate names) to trust from the metadata of the peer, and then applies path validation to candidate certificates based on a static list of trust anchors. The difference from the previous engine is that the list of anchors is fixed and does not vary based on whose credentials are being examined. |
...