Proposed F19 Feature: Shared System Certificates

Stef Walter stefw at redhat.com
Fri Jan 25 17:26:33 UTC 2013


On 01/25/2013 04:19 PM, Florian Weimer wrote:
> On 01/24/2013 12:30 PM, Stef Walter wrote:
> 
>> So yes, as noted in the 'Detailed Description' of the feature, long term
>> we hope to follow this up with further work to make all the crypto
>> libraries be able to process the information in its entirety.
> 
> Okay.  In the long term, it might make sense to offload the entire
> certificate chain validation to a daemon, so that it's possible to get
> consistent behavior across crypto libraries and allow system
> administrators to specify more detailed policies (but please not as
> JavaScript code).

Yeah, I agree with that in principle. In fact it's been tried before
with libpkix. But in any case, doing this is a gargantuan task outside
the scope of what we're taking on here right now.

Cheers,

Stef


