-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make TrustAnchor::try_from_cert_der
less of an attractive nuisance
#294
Comments
One absolutely MUST NOT treat an end-entity certificate as a To further clarify, constructing a |
Any time you are thinking of using "self-signed certificate" or "end-entity certificate" and |
"Trust anchor" is defined in RFC 5280, in https://datatracker.ietf.org/doc/html/rfc5280#section-6.1.1 and other parts. |
What would be your recommendation for webpki users who want to use TOFU approaches for their app or similar? Maybe if the Certificate is found as user-added exception, they should skip doing the |
Originally
TrustAnchor::try_from_cert_der
existed as a standalone function in thetrust_anchor_utils
submodule. During the time where we were trying to make the webpki API more idiomatic, we moved it to beTrustAnchor::try_from_cert_der
. That makes it very visible and very easy to call; perhaps too easy. A normal user of webpki would not use it; it's really only for things that construct trust anchors stores, whereas the rest of webpki is designed for people who need to validate certificates given a trust anchor store from a trustworthy source.A name like
try_from_cert_der_from_trustworthy_source
and/or moving it to a submodule that's more clearly labeled for its specialized target demographic would make it less of a hazard.The text was updated successfully, but these errors were encountered: