On Sun Dec 13 17:41:31 2009, Jonathan Schleifer wrote:
> Dave Cridland <[email protected]> wrote:
> > Applications shouldn't be installing trust anchors without a lot of
> > confirming with the user.
> I'm not talking about an application installing a system-wide root
> certificate. But if the StartCom certificate is included and used for
> just that app, it only makes sense to add CACert as well.
Applications should also not be using their own internal trust
anchors. :-)
Suggesting ones to add, perhaps only for that application, is
sensible.
Of course, operating systems usually come preinstalled with a default
list - that's a reasonable trade-off.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade