> OK. I'm researching what approach should be used for the Fedora Linux
> distribution, where a single CA trust list (based on Mozilla's CA trust
> list) is used for the whole system, including Firefox, and other
> applications that use other certificate validation logic, like the ones
> built into the GnuTLS, NSS and OpenSSL libraries.
FWIW, I realize we are where we are, but it's high time people started migrating away from the concept of a single operating system trust list that is consumed by all applications on the platform. It just doesn't work very well since each application type has its own unique security considerations, risks, and challenges. And threat model, risk tolerance, value of data being protected, necessary assurance level, etc., etc., etc.

It's ok to rely heavily on other trust stores to assist with bootstrapping or maintaining a trust store, and this can even be codified directly into the new trust store's policy. For example, this is the approach taken by Cisco, whose trust store policy is basically the union of what's trusted by other major trust stores. It's a good baby step towards establishing an independent and well maintained trust store.

Major trust stores have taken various actions nudging certificate authorities to use a combination of technical constraints and/or EKUs and/or different intermediate CAs in order to better segregate certificates by use case, and I'd encourage them to continue with those efforts. The current situation is a bit of a mess, and it will take us years to get it all untangled.

-Tim
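The EKU segregation Tim mentions is not only a policy matter; path validators enforce it. A leaf's claimed usage only counts if every CA above it that carries an extendedKeyUsage extension also permits that usage, so an S/MIME-only intermediate cannot quietly issue a certificate that Firefox or a TLS library would accept for a web server. The Go program below is an added illustration of that behaviour and is not part of the original thread or of any trust-store program's code. It builds a constructed hierarchy (a root with no EKU, one intermediate constrained to serverAuth, one constrained to emailProtection) and lets Go's crypto/x509 verifier show which chains survive; all names and the hierarchy itself are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy is a constructed PKI for the example: one root and two
// use-case-specific intermediates. Every name here is made up.
type Hierarchy struct {
	Root, TLSCA, MailCA *x509.Certificate
	TLSLeaf, MailLeaf  *x509.Certificate
}

// issue creates a certificate for name signed by parent/parentKey; when parent
// is nil the certificate is self-signed. eku is the extendedKeyUsage list
// (nil omits the extension, which verifiers treat as unrestricted).
func issue(name string, isCA bool, eku []x509.ExtKeyUsage,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // leaf identity lives in the SAN
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Build constructs the hierarchy. The S/MIME intermediate issues a leaf that
// also claims serverAuth; the point is that the claim does not survive chaining.
func Build() Hierarchy {
	root, rootKey := issue("Example Root", true, nil, nil, nil)
	tlsCA, tlsKey := issue("Example TLS Issuing CA", true,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, root, rootKey)
	mailCA, mailKey := issue("Example S/MIME Issuing CA", true,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}, root, rootKey)
	tlsLeaf, _ := issue("www.example.test", false,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, tlsCA, tlsKey)
	mailLeaf, _ := issue("mail.example.test", false,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageEmailProtection}, mailCA, mailKey)
	return Hierarchy{Root: root, TLSCA: tlsCA, MailCA: mailCA, TLSLeaf: tlsLeaf, MailLeaf: mailLeaf}
}

// VerifyFor validates leaf's chain to root through inter for one requested
// usage. Go's x509 requires every certificate in the chain that carries an
// EKU extension to permit that usage; a chain that fails only on this check
// is reported as x509.IncompatibleUsage.
func VerifyFor(leaf, inter, root *x509.Certificate, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	inters := x509.NewCertPool()
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{usage},
	})
	return err
}

func main() {
	h := Build()
	fmt.Println("TLS leaf via TLS CA, serverAuth:        ", VerifyFor(h.TLSLeaf, h.TLSCA, h.Root, x509.ExtKeyUsageServerAuth))
	fmt.Println("mail leaf via S/MIME CA, serverAuth:    ", VerifyFor(h.MailLeaf, h.MailCA, h.Root, x509.ExtKeyUsageServerAuth))
	fmt.Println("mail leaf via S/MIME CA, emailProtection:", VerifyFor(h.MailLeaf, h.MailCA, h.Root, x509.ExtKeyUsageEmailProtection))
}
```

The second call fails even though the leaf itself carries serverAuth, because the intermediate above it does not; the third succeeds because every EKU-bearing certificate in that chain allows emailProtection. This is the Go verifier's rule; NSS, OpenSSL and GnuTLS each apply their own variant of EKU and purpose checking, which is exactly why a single shared trust list does not yield a single shared trust decision across those libraries.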
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy