[Dev] What root certificates to ship with Chandler?
Heikki Toivonen
heikki at osafoundation.org
Mon Nov 8 12:45:16 PST 2004
oren wrote:
> There may likely be some certs that we'd like to get installed in
> shipping Chandler that are important from a higher ed perspective - I've
> put in a query to the Internet2 middleware folks on the subject and will
> get back with you when I hear from them...
I'd like to hear if the universities can comply with the Mozilla
policies, and to what extent, even if they will/can not get on the
Mozilla list.
Also, is there a common policy for university CAs, and if not, can the
universities create such a policy and some organization to overseer that.
If the universities can not have an equivalent to the Mozilla policy and
no central policy enforcer, then it seems like that would fall into the
hands of OSAF, which I would like to avoid as much as possible (although
having a limited number of university CAs would be much easier to deal
with than with arbitrary CAs). If university CAs were not able to follow
Mozilla policies, it could mean the CAs are not to be trusted as much.
There are some ways we could ship/handle university CAs: 1) make
university CA list install optional; 2) ship with university CAs but
mark them specifically, and ask user whether to trust them or not on
first time of encountering one on the list; 3) have universities inform
their users where to download and how to install these added certs; 4)
create separate higher ed installer with these certs.
--
Heikki Toivonen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.osafoundation.org/pipermail/dev/attachments/20041108/82a026c9/signature.bin
More information about the Dev
mailing list