On Mon, 14 Jul 2014, Alan Altmark wrote: > I'm not concerned about the format of the files, but how you > and/or your Linux admins like to manage them, particularly > in light of the fact that the bundles of well-known CAs is > updated from time to time.
We are researching / testing in this space, as Oracle has decided to only honor content .jar executables 'code signing' signed by 'yet another' clutch of CA's not including the one we prefer and use The Mozilla.org folks have their (different) rules for inclusion in their base bundle as well And I saw a note that Google / Chrome had decided to restrict all but eight or nine domains compromised after a secondary Indian governmental CA incautiously signed several CSR's purporting to be, but not actually from Google ... And my personal long-standing desire to be able to inject at our boundry 'squid' proxyies, a local CA wildcard certificate so all interior content is retrieved and proxyable over SSL only -- Russ herrold ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
