Hi Peter, On 18/10/16 06:02, Peter Bowen wrote: > I think making it clear which entries in certdata.txt have additional > constraints would be very helpful. Is it maybe possible to do so by > adding new attributes to the NSS_TRUST object instead of simply > putting it on a webpage? That way it is in the same place and is > machine readable. Even if the attribute are not processed when > creating libckfw, others can use them.
We could have a flag saying "this root is special", so people could detect when new "special" roots had appeared so they could check the wiki page, but I think it would be hard to programmatically encode the restrictions such that they are machine-readable, because there are such a wide variety of restrictions which one could imagine making. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
