We would like to avoid a scenario where a system administrator might
accidentally change the behaviour of one of the applications running on the
system by accidentally installing a new trusted certificate into a system
store.
I can easily argue both ways :) In some cases, one might want
to have *everything* in one place (btw, this is the approved
MS way for dealing with certificates :) ). But you are also right
that sometimes it is not the best approach. However, I am not
buying your "...accidentally installing..." argument because
sysadmin can also accidentally put a new certificate in any other
place as well :)
OK, here is an example from the MS way (specifying which CAs to trust when
establishing an SSL session). Internet Information Server (IIS) can be
configured in two ways:
- by default it uses trusted certificates from the system store
- but you can also create your own certificate trust list and explicitly
define which root certificates you trust. This enables you to have
different trusted CAs for different Web Sites.
If you replace "IIS" with "XmlSec" and "Web Site" with "application" in the
paragraph above, we have an argument for supporting both scenarios in
XMLSec.
Amiler.
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec