Hi Peter,

On 18/10/16 06:02, Peter Bowen wrote:
> I think making it clear which entries in certdata.txt have additional
> constraints would be very helpful.  Is it maybe possible to do so by
> adding new attributes to the NSS_TRUST object instead of simply
> putting it on a webpage?  That way it is in the same place and is
> machine readable.  Even if the attribute are not processed when
> creating libckfw, others can use them.

We could have a flag saying "this root is special", so people could
detect when new "special" roots had appeared so they could check the
wiki page, but I think it would be hard to programmatically encode the
restrictions such that they are machine-readable, because there are such
a wide variety of restrictions which one could imagine making.

Gerv


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to