On Po, 2016-02-15 at 13:05 +0000, David Woodhouse wrote:
> On Tue, 2016-02-02 at 17:13 +0100, Tomas Mraz wrote:
> > Hello,
> > for anyone interested in the subject and visiting DevConf in Brno
> > on
> > this Friday - we will be holding an informal meeting to gather use-
> > cases
> > for needed improvements in this area. We are interested in feedback
> > from
> > Fedora/RHEL system administrators and developers.
> >
> > The meeting will happen on Friday Feb 5th 2016 13:10-14:30 at the
> > DevConf venue in the room C228.
> >
> > See also:
> > https://communityblog.fedoraproject.org/system-ca-certificate-trust
> > -management-review-planning-meeting-devconf/
> >
> > Regards,
> >
> > Tomas Mraz, Security Technologies Team member at Red Hat
>
> Hi Tomas,
>
> Was there a conclusion for this?
Hello,
unfortunately probably due to no mention of the public meetings in the
official DevConf schedule - they were mentioned only on a separate page
in the DevConf brochure - there was only a single non-redhatter that
appeared at the meeting.
We had some informal discussion with him and the redhatters that were
present. The conclusion was that our team should probably focus more on
the crypto libraries support for the stapled extensions and using the
trust store directly via the p11-kit-trust PKCS#11 module and not
through the extracted certificate lists - namely OpenSSL lacks this
support and probably should be the first priority to fix before any
development of high-level trust management application/API should
start.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
