Proposed F19 Feature: Shared System Certificates

Florian Weimer fweimer at redhat.com
Mon Jan 28 15:00:22 UTC 2013


On 01/28/2013 03:45 PM, Petr Pisar wrote:
> On 2013-01-25, Florian Weimer <fweimer at redhat.com> wrote:
>> On 01/24/2013 12:30 PM, Stef Walter wrote:
>>
>>> So yes, as noted in the 'Detailed Description' of the feature, long term
>>> we hope to follow this up with further work to make all the crypto
>>> libraries be able to process the information in its entirety.
>>
>> Okay.  In the long term, it might make sense to offload the entire
>> certificate chain validation to a daemon.
>
> Something like dirmngr?

Good point, dirmngr comes pretty close.  But if I recall correctly, 
dirmngr is mainly used to retrieve user certificates over LDAP, for use 
with S/MIME.  But the certificate validation part is pretty much what I 
had in mind (protocol-wise at least, the implementation would need more 
support for implementing different policies).

-- 
Florian Weimer / Red Hat Product Security Team

