On Tue, Mar 20, 2012 at 01:22:29AM -0400, Daniel Kahn Gillmor wrote:
> Consider, for example, that libNSS allows the user to identify which
> root CAs are trusted to:
>
> * identify web sites,
> * identify e-mail users, or
> * sign code
>
> (some CAs may be trusted for all three categories, some for only one or
> two of them).
>
> If the system store could identify these separate categories
> differently, then we could divert (or ship a modified)
> libnssckbi.so that actually drew its configuration from the admin's
> configuration choices (instead of using the hardcoded builtins).

As far as I know NSS already has this information, it even has more
options than that, but I think only those 3 are actually used. At least
the certdata.txt file contains the information, you can edit it in
iceweasel/firefox. The information only gets lost when the
ca-certificates package is created.

Kurt
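
As an added illustration (not part of the original message, and not code from NSS or ca-certificates), this Python sketch reads the three per-purpose trust attributes from text in the certdata.txt object syntax. The sample entries are constructed, and keying the result by CKA_LABEL is a simplifying assumption.

```python
# Constructed sample in certdata.txt object syntax (not real CA data).
SAMPLE = r"""
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Web Root"
CKA_VALUE MULTILINE_OCTAL
\060\202\001\012
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Web Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example All-Purpose Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
"""

# The three categories from the quoted message, as certdata.txt attributes.
PURPOSES = {"CKA_TRUST_SERVER_AUTH": "web",
            "CKA_TRUST_EMAIL_PROTECTION": "email",
            "CKA_TRUST_CODE_SIGNING": "code"}
TRUSTED = "CKT_NSS_TRUSTED_DELEGATOR"

def parse_objects(text):
    """Split the text into attribute dicts, one per CKA_CLASS object."""
    objects, in_octal = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if in_octal:                       # skip octal blob up to END
            in_octal = line != "END"
            continue
        parts = line.split(None, 2)
        if len(parts) == 2 and parts[1] == "MULTILINE_OCTAL":
            in_octal = True
        elif len(parts) == 3 and not line.startswith("#"):
            if parts[0] == "CKA_CLASS":    # each object starts with its class
                objects.append({})
            if objects:
                objects[-1][parts[0]] = parts[2]
    return objects

def trust_by_ca(text):
    """Map each trust object's label to the purposes it is trusted for."""
    return {o.get("CKA_LABEL", "").strip('"'):
            sorted(p for a, p in PURPOSES.items() if o.get(a) == TRUSTED)
            for o in parse_objects(text) if o.get("CKA_CLASS") == "CKO_NSS_TRUST"}

if __name__ == "__main__":
    for label, purposes in trust_by_ca(SAMPLE).items():
        print(label, "->", ", ".join(purposes) or "none")
```

A flat bundle of PEM certificates has no place for these attributes, so a consumer of such a bundle cannot tell a web-only root from one trusted for all three purposes.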