On Tue, Oct 18, 2016 at 5:51 AM, Gervase Markham <[email protected]> wrote:
> On 17/10/16 16:26, Kathleen Wilson wrote:
>> ones who use NSS validation. I’m not sure what we can do about other
>> consumers of the NSS root store, other than publish what we are doing
>> and hope those folks read the news and update their version of their
>> root store as they see appropriate for their use.
>
> We cannot fix everyone else's code, but I think it would be reasonable
> for us to produce and maintain a wiki page which complements
> certdata.txt which gives all the other restrictions Mozilla recommends
> on the roots therein.

I think making it clear which entries in certdata.txt have additional constraints would be very helpful. Is it maybe possible to do so by adding new attributes to the NSS_TRUST object instead of simply putting it on a webpage? That way it is in the same place and is machine readable. Even if the attributes are not processed when creating libckfw, others can use them.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
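
The suggestion above, seen from the side of a third-party consumer of certdata.txt, as an added example that is not part of the original message or of NSS: a parser that reads the trust objects and reports any attributes beyond the ones it already handles. `CKA_EXAMPLE_CONSTRAINT`, its value, the root labels and the `BASELINE` set are constructed for illustration.

```python
import re

# Constructed sample in certdata.txt syntax. CKA_EXAMPLE_CONSTRAINT is a
# hypothetical attribute invented for this example; it is not an NSS attribute.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root A"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\001\002\003\004
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_EXAMPLE_CONSTRAINT UTF8 "constructed restriction text"

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root B"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
'''

# Attributes this example's consumer already understands (a subset).
BASELINE = {"CKA_CLASS", "CKA_LABEL", "CKA_CERT_SHA1_HASH", "CKA_TRUST_SERVER_AUTH"}

def parse_certdata(text):
    """Return a list of objects, each a dict of attribute -> (type, value)."""
    objects, lines = [], iter(text.splitlines())
    for line in lines:
        parts = line.strip().split(None, 2)
        if len(parts) < 2 or not parts[0].startswith("CKA_"):
            continue  # blank lines, comments, BEGINDATA and other headers
        name, typ = parts[0], parts[1]
        if typ == "MULTILINE_OCTAL":  # value runs until a line reading END
            octal = "".join(iter(lambda: next(lines).strip(), "END"))
            value = bytes(int(o, 8) for o in re.findall(r"\\([0-7]{3})", octal))
        else:
            value = parts[2].strip('"') if len(parts) == 3 else ""
        if name == "CKA_CLASS":  # each object starts with its CKA_CLASS line
            objects.append({})
        if objects:
            objects[-1][name] = (typ, value)
    return objects

def extra_constraints(objects, baseline=BASELINE):
    """Map each CKO_NSS_TRUST label to its attributes outside the baseline."""
    out = {}
    for obj in objects:
        if obj["CKA_CLASS"][1] == "CKO_NSS_TRUST":
            out[obj["CKA_LABEL"][1]] = {
                k: v[1] for k, v in obj.items() if k not in baseline}
    return out

print(extra_constraints(parse_certdata(SAMPLE)))
```

A consumer that does not understand an extra attribute can still use the non-empty result to notice that a root carries restrictions it is not enforcing.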

