Re: Machine- and human-readable format for root store information?

Wed, 05 Jul 2017 04:33:28 -0700 

On 29/06/17 16:27, Ryan Sleevi wrote:
> Well, the current certdata.txt is a text file. Do you believe it's 
> human-readable, especially sans-comments?

Human readability is, of course, a little bit of a continuum. You can
open it in a text editor and get some sense of what's going on, but it's
far from ideal.

How it is sans-comments is irrelevant, because it has comments. :-)

(For those not familiar, here's a sample from certdata.txt:

# Trust for Certificate "Verisign/RSA Secure Server CA"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "Verisign/RSA Secure Server CA"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\104\143\305\061\327\314\301\000\147\224\141\053\266\126\323\277
\202\127\204\157
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\164\173\202\003\103\360\000\236\153\263\354\107\277\205\245\223
END
....

> Please realize that this makes it impossible to effectively test changes, 
> without running said tool. This is, again, why certdata.txt being generated 
> is part of the build - so that when you change a file, it's reflected in the 
> build and code and you can effectively test.

Of course, those changing the root store might need access to the
compilation tool. But from a Mozilla PoV, that's just Kai normally. And
if people were used to editing and consuming certdata.txt, they could
continue to do it that way.

Thought experiment for you: if we decided to make the root store its own
thing with its own repo and its own release schedule, and therefore NSS
became a downstream consumer of it, where on occasion someone would
"take a release" by generating and checking in certdata.txt from
whatever format we decided to use, what problems would that cause?

> That's why "machine-readable" is, in effect, a must-have.

I'm not sure anyone is arguing with that.

> So clearly, we get in situations where not all restrictions are expressible.

Sure. As I said, I'm not interested in an arbitrarily complex file
format, so it will always be possible to come up with restrictions we
can't encode. But whatever format Apple chooses, unless they go the
"arbitrary complexity" path, they will have that problem, no?

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
              • Re... Ryan Sleevi via dev-security-policy
              • Re... Gervase Markham via dev-security-policy
              • Re... Ryan Sleevi via dev-security-policy
              • Re... Kai Engert via dev-security-policy
              • Re... Ryan Sleevi via dev-security-policy
              • Re... Kai Engert via dev-security-policy
              • Re... Gervase Markham via dev-security-policy
              • Re... Gervase Markham via dev-security-policy
              • Re... Gervase Markham via dev-security-policy
              • Re... Ryan Sleevi via dev-security-policy
              • Re... Gervase Markham via dev-security-policy
              • Re... Ryan Sleevi via dev-security-policy
              • Re... Rob Stradling via dev-security-policy
              • Re... Gervase Markham via dev-security-policy
              • Re... Ryan Sleevi via dev-security-policy
            • Re: Ma... Jos Purvis (jopurvis) via dev-security-policy
              • Re... Peter Gutmann via dev-security-policy
            • Re: Ma... Jakob Bohm via dev-security-policy
    • Re: Machine- and human-... Gervase Markham via dev-security-policy
    • Re: Machine- and human-... Jakob Bohm via dev-security-policy
  • Re: Machine- and human-reada... Kai Engert via dev-security-policy

Reply via email to