On Wed, Jul 10, 2013 at 01:22:37PM +0200, Jaroslav Reznik wrote: > > Because not all crypto implementations read their trusted information directly > from the dynamic database, the tool will take care of extracting things as > appropriate after making a change. This will enable administrators to run a > single command to add an anchor (and perform other tasks). > So it sounds like this is a modify and sync strategy? Are there other tools in the distribution that may modify the primary or the sync'd certificates that need to be changed so that they don't step on what p11-kit is doing?