On 13/05/2017 00:48, Ryan Sleevi wrote:
On Fri, May 12, 2017 at 6:02 PM, Jakob Bohm via dev-security-policy <
[email protected]> wrote:
This SubThread (going back to Kurt Roeckx's post at 08:06 UTC) is about
suggesting a good format for sharing this info across libraries though.
Discussing that on a list dedicated to a single library (such as NSS or
OpenSSL) would be pointless.
And in the original message, what was requested was
"If Mozilla is interested in doing a substantial public service, this
situation could be improved by having Mozilla and MDSP define a static
configuration format that expresses the graduated trust rules as data, not
code."
Mozilla does express such graduated trust rules as data, not code, when
possible. This is available with in the certdata.txt module data as
expressive records using the NSS vendor attributes.
Not all such requirements can be expressed as code, not data, but when
possible, Mozilla does. That consuming applications do not make use of that
information is something that consuming applications should deal with.
I suggest you read and understand the OP in this thread, which is
*entirely* about using the Mozilla Root Store outside Mozilla code.
Yet you keep posting noise about using the Mozilla store with Mozilla
code such as NSS, with Mozilla internal database formats, etc. etc.
Just above you commented "Not all such requirements can be expressed as
code", which is completely backwards thinking when the request is for
putting all additional conditions in an open database in a *stable*
data format that can be easily and fully consumed by non-Mozilla code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
