-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 28-01-15 16:42, Mike Hearn wrote:
> Just as a reminder, there is no obligation to use the OS root
> store. You can (and quite possibly should) take a snapshot of the
> Mozilla/Apple/MSFT etc stores and load it in your app. We do this
> in bitcoinj by default to avoid cases where BIP70 requests work on
> some platforms and not others, although the developer can easily
> override this and use the OS root store instead.
>
Except that Mozilla/Apple/MSFT will update these certificate stores -
second their policies - and your snapshot/collection might get
outdated at a different pace than the OS-provided certificates,
depending on how you (or the package maintainer) are rolling out updates.
I am not saying that OS-provided certificate stores are a holy grail,
as they comes with their quirks&headaches (for example try to install
your CA certificate on Mac), but generally I consider shipping your
own snapshot a bad practice, as it makes the system less secure by
default for the casual user and harder to audit for the (eventual) admins.
If you are a developer, that's a whole different story.
- --
Giuseppe Mazzotta
/- Bitonic _/
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJUyQwrAAoJEKWX1kB3NXekfLkH/3Bd2yPD0ccZRUzWJ47wQmFd
uRxpOjlxZMy3ww4PpxPxqJTrSwyH0gwbNCbuXkds9kkx9+AwxEkT8VZXZVA1KNeo
RaLNgqs4R5zK06shTjV+AXe5HwDCEeFuJIIRGM35D8kSKtbPuzKe5UtiIRaBRdZG
e+d6CQKklYK8yn24hUGg30Y0rEcrLicXmcJlrjElA+8pKYDIeP3SrMWjLj9QKFhJ
VBKxXlyviZ2LGf9wD6p+GLgjDu4LNEQdJPpTNzg7yWSegnKmxopefojkCrHtqJQ7
LC4Lr3K3hp5Nbct1YWRt09VQYic/xaGBCSUdKTEL1xTUv7oD/DY7l15zjKi7gtw=
=ZJVu
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
