David Adrian via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>I'd like to see either a reliable URL to fetch that can be converted to PEM
>(i.e. what Microsoft does), or some API you can hit to the store (e.g. what
>CT does).

PEM. You keep using that word... I do not think it means what you think it does.

Technically speaking, PEM is the data format for Privacy Enhanced Mail, usually applied to the ASCII wrapping for the binary data. In practice, it's used to denote OpenSSL's proprietary private-key format. Neither of those seem terribly useful for communicating trusted certificates.

If you do want a standard format for them that pretty much anything should already be able to understand, why not use CMS/PKCS #7 certificate sets/collections/chains? Almost anything that deals with certs should already be able to read those. Sure, it won't do metadata, but for that you'll need to spend three years arguing in a standards group and produce a 100-page RFC that no-one can get interoperability on. OTOH PKCS #7 works right now.

Peter.
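An added example, not part of the message above or of any project's code: a standard-library-only reader for the certs-only PKCS #7 bundle the message proposes. It returns the DER certificates and the SignerInfo count, which is zero for such a bundle, so the file carries no authentication of its own. The function names and the placeholder "certificates" are assumptions constructed for illustration.

```python
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("06092a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(tag, value):
    """Encode one definite-length DER element."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def read_tlv(buf, pos):
    """Return (tag, value, raw element, next offset); reject bad lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, buf[start:start + length], buf[pos:start + length], start + length

def children(value):  # split a constructed value into (tag, value, raw) triples
    pos, out = 0, []
    while pos < len(value):
        tag, val, raw, pos = read_tlv(value, pos)
        out.append((tag, val, raw))
    return out

def parse_cert_bundle(der):
    """Return (DER certificates, SignerInfo count) from a PKCS #7 SignedData."""
    (tag, body, _), = children(der)         # exactly one outer element
    oid, wrapped = children(body)           # ContentInfo: contentType, [0] content
    if tag != 0x30 or oid[2] != OID_SIGNED_DATA or wrapped[0] != 0xA0:
        raise ValueError("not PKCS #7 signedData")
    (_, signed, _), = children(wrapped[1])
    fields = children(signed)               # version, digests, content, [0] certs, signers
    if not fields or fields[-1][0] != 0x31:
        raise ValueError("signerInfos missing")
    certs = [c[2] for f in fields if f[0] == 0xA0 for c in children(f[1]) if c[0] == 0x30]
    return certs, len(children(fields[-1][1]))

# Constructed input: placeholder blobs stand in for DER certificates (not real X.509).
SAMPLE_CERTS = [tlv(0x30, tlv(0x04, b"A" * 300)), tlv(0x30, tlv(0x04, b"B" * 20))]
SAMPLE_BUNDLE = tlv(0x30, OID_SIGNED_DATA + tlv(0xA0, tlv(0x30,
    tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, OID_DATA)   # version, no digests, no content
    + tlv(0xA0, b"".join(SAMPLE_CERTS)) + tlv(0x31, b""))))     # [0] certificates, no signers
```

A consumer of a root set in this format has to get integrity from somewhere else, such as the transport or a detached signature, and should treat a non-zero signer count as something to verify rather than ignore.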