Proposed F19 Feature: Shared System Certificates

Florian Weimer fweimer at redhat.com
Fri Jan 25 15:19:33 UTC 2013


On 01/24/2013 12:30 PM, Stef Walter wrote:

> So yes, as noted in the 'Detailed Description' of the feature, long term
> we hope to follow this up with further work to make all the crypto
> libraries be able to process the information in its entirety.

Okay.  In the long term, it might make sense to offload the entire 
certificate chain validation to a daemon, so that it's possible to get 
consistent behavior across crypto libraries and allow system 
administrators to specify more detailed policies (but please not as 
Javascript code).

-- 
Florian Weimer / Red Hat Product Security Team


More information about the devel mailing list