Was hoping some kind sould out there might explain what a trust
policy module does? I've been reading up on it, but am not really
sure how they fit in to the flow of operations.
A Trust Policy module (TP) answers the question "Is *this*
certificate (or certificate chain) trusted for *this* action?" For
example the Apple X.509 TP answers questions like "is this cert valid
for authenticating an SSL server" and "can this cert be trusted for
signing email?".
In answering questions like that, the Apple X.509 TP can block for a
long time, while doing things like fetching CRLs from the net and
performing OCSP transactions on the net. But, those actions are only
done in the service of answering one specific question about one
specific cert (or cert chain).
The CDSA 2.0 spec has a pretty decent overview of what a TP can and
cannot do in section 8.1.
1. Does every CSSM operation get checked against the loaded Trust
Policy Modules?
No. A TP is only used in TP-specific CSSM call (CSSM_TP_*()) which
specifies a CSSM_TP_HANDLE specifically associated with that TP. A
CSSM_TP_HANDLE is obtained for a specific TP by specifying that TP's
GUID in the CSSM_ModuleAttach() call.
2. If the trust policy modules says 'don't trust' does the login
dialog appear?
The Apple TP doesn't do any UI, ever. Any dialogs resulting from TP
errors are at higher levels, above CSSM, even above the Sec layer
(i.e., they're generated at the app level).
3. What types of controls does the author of a Trust Policy module
have?
I'm not sure what you're asking here - I don't know what kind of
controls you're asking about...
4. Is access to the trust policy module a blockable operation, in
that theoretically I could have a TP module that does nothing
except force the user to wait 10 seconds before the rest of their
operation continues?
Oh, I suppose so, but that's definitely not what TPs are supposed to do.
5. How are TP Modules associated with CSP's, DL, keychain, etc...
Right now - as of Tiger 10.4.4 - they are not. Which brings up the
next question:
6. If I write my own TP module, will every Sec* application now use
it?
No. Currently the Sec layer only knows about one TP, the (built-in)
Apple X.509 TP. The SecTrust and SecPolicy objects (the only part of
the Sec layer that knows about TPs) are hard coded to use the built-
in Apple X.509 TP. This may change in the future.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
