[Dev] What root certificates to ship with Chandler?
Heikki Toivonen
heikki at osafoundation.org
Sat Nov 6 22:05:21 PST 2004
Chih-Chao Lam wrote:
> If we adopt the Mozilla certificate list, besides the possibility that
> some certs won't work with OpenSSL, are there any other disadvantages,
> especially from the end-users' perspective?
Can't think of anything not mentioned already. Some certs might not
work, might not have exactly the same certs as the user has used in some
other software (but it's kind of hard to do anything about this). We'd
also probably lag a bit behind Mozilla (latest Chandler might not have
as up to date list as latest Mozilla).
> If we encounter a cert that does not lead us to the Mozilla root list,
> would we have to explicitly tell the user that Chandler does not
> recognize the cert and whether the user wants to accept this cert? and
> also is the acceptance for just this session only or for next few weeks
> or permanently?
Yes, see
http://wiki.osafoundation.org/bin/view/Journal/HeikkiToivonen20041106
--
Heikki Toivonen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.osafoundation.org/pipermail/dev/attachments/20041106/68d4b6d3/signature.bin
More information about the Dev
mailing list