On 12/14/2015 06:18 PM, Andrew Ayer wrote: > Hi Michael, > > Have you given any more thought to a redesign of ca-certificates that > separates the email certificates from the TLS certificates? I suspect
Yep - got a patch? :-) > that the vast majority of packages that depend on ca-certificates use > it for TLS server auth Got patches for all the mail-related rdeps of ca-certificates? :-) I have not gone through every rdep package to cound, but there are quite a few mail-related pacakges, so they should each have some new filesystem location to search for mail-specific CA certificates. > As always, let me know if you could use any help. I'm going to start > looking through the reverse depends for ca-certificates to identify > packages that might be relying on roots for email authentication. Exactly. I also do not know if pointing mail-related CAs to another filesystem location and patching mail-related packages to look there is sufficient - are there mail clients/utilities that also open https web urls? -- Kind regards, Michael