We had a useful initial discussion of cert management last year: http://groups.google.com/group/android-security-discuss/browse_thread/thread/fa441379683f92d2
There continues to be some angst on the chromium bug related to implementing cert management: http://code.google.com/p/android/issues/detail?id=11231 I largely agree with the people who are angsty, but as a non- contributor to the code I suppose I can't bitch too much. In the meantime, I'd like to understand the process by which root CA certs get included into Android... both at the chromium stage and (if there is any difference) at the carrier stage. Mozilla has an extensive an public system for reviewing root cert inclusion requests. What does Android do? This is the best way of viewing the current list, no? http://android.git.kernel.org/?p=platform/libcore.git;a=tree;f=luni/src/main/files;hb=HEAD -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
