Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-14 Thread Darren J Moffat
johansen at sun.com wrote: [Originally sent this to Darren, but forgot to CC PSARC-ext] I didn't get that email. Hi Darren, I got forwarded a pointer to this case that you filed. Thanks for taking the time to do this.

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-14 Thread johan...@sun.com
On Fri, Aug 14, 2009 at 09:24:00AM +0100, Darren J Moffat wrote: johansen at sun.com wrote: http://sac.eng/Archives/CaseLog/arc/PSARC/2009/430/20090811_darren.moffat I would recommend using the certificate directory approach instead of creating a single file with all certificates. This case

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-14 Thread Darren J Moffat
johansen at sun.com wrote: On Fri, Aug 14, 2009 at 09:24:00AM +0100, Darren J Moffat wrote: johansen at sun.com wrote: http://sac.eng/Archives/CaseLog/arc/PSARC/2009/430/20090811_darren.moffat I would recommend using the certificate directory approach instead of creating a single file with

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-13 Thread johan...@sun.com
[Originally sent this to Darren, but forgot to CC PSARC-ext] Hi Darren, I got forwarded a pointer to this case that you filed. Thanks for taking the time to do this. http://sac.eng/Archives/CaseLog/arc/PSARC/2009/430/20090811_darren.moffat I would recommend using the certificate directory

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-11 Thread Darren J Moffat
Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI This information is Copyright 2009 Sun Microsystems 1. Introduction 1.1. Project/Component Working Name: Default system CA (X.509) Certificates 1.2. Name of Document Author/Supplier: Author: Darren Moffat 1.3

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-11 Thread Garrett D'Amore
Putting all the certs in one mondo file gives me a few minor concerns, which might be insignificant, but I want to ask them anyway: 1) Do end users have any control over which CAs they do or do not trust? (What if they want all of the CAs except one?) 2) How are CRLs handled? 3) How will

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-11 Thread Darren J Moffat
Garrett D'Amore wrote: Putting all the certs in one mondo file gives me a few minor concerns, which might be insignificant, but I want to ask them anyway: 1) Do end users have any control over which CAs they do or do not trust? (What if they want all of the CAs except one?) The end user

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-11 Thread Garrett D'Amore
Darren J Moffat wrote: Garrett D'Amore wrote: Putting all the certs in one mondo file gives me a few minor concerns, which might be insignificant, but I want to ask them anyway: 1) Do end users have any control over which CAs they do or do not trust? (What if they want all of the CAs

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-11 Thread Darren J Moffat
Garrett D'Amore wrote: Darren J Moffat wrote: Garrett D'Amore wrote: Putting all the certs in one mondo file gives me a few minor concerns, which might be insignificant, but I want to ask them anyway: 1) Do end users have any control over which CAs they do or do not trust? (What if they

Default system CA (X.509) Certificates [PSARC/2009/430 FastTrack timeout 08/19/2009]

2009-08-11 Thread Garrett D'Amore
Darren J Moffat wrote: So the tools are responsible for making this check themselves, using OCSP, right? That makes sense -- end users don't have to take any specific action to get the CRL checking. In general they may use OCSP, but not on the CA certs files, only on the SSL server certs