chore: made a matrix to help define our work

xmidt-org · Nov 15, 2024 · 6424f52 · 6424f52
1 parent 197ebc4
commit 6424f52
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/themis-results.md b/themis-results.md
@@ -0,0 +1,8 @@
+|Certificate condition   |What themis does now (v0.4.19)     |What we want themis to do.      |
+|:-----------------------|:----------------------------------|:-------------------------------|
+|no peer certificates.   |`trust` of 0  |`trust` of 0|
+|peer certificate in a chain we *DO NOT* trust|`trust` of 1000|`trust` of 0|
+|peer certificate in a chain we *DO* trust|`trust` of 1000|`trust` of 1000|
+
+The existing check for `CommonName` and `DNSSuffixes` is a red herring. As long as we properly check the certificate chain, the right `trust` should be given.
+