On Fri, May 12, 2017 at 2:15 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On 12/05/2017 20:43, Ryan Sleevi wrote: > > On Fri, May 12, 2017 at 1:50 PM, Jakob Bohm via dev-security-policy < > > dev-security-policy@lists.mozilla.org> wrote: > > > >> Could something be derived from / based on the ASN.1 format apparently > >> used by Microsoft in it's root store, with OpenSSL/Mozilla OIDs added > >> for things that have no Microsoft notation yet. > >> > > > > Why? It's a poor format. > > > > > >> Another starting point (if not the same) could be the "trusted > >> certificate" format that some openssl commands can generate. > >> > > > > Why? It's a poor format. > > > > You missed that NSS already has these expressions in the form that is > > appropriate for NSS. Why change? > > > > The topic of this thread is to get the information in a format > appropriate for use in *other* libraries, such as OpenSSL or > BouncyCastle, both of which are used in Android. I'm afraid that may be misstating things. The topic is to get the information at all - which, in cases, it is made available in the NSS trust DB. How that is exported is something better suited for those applications, not this list or discussion. The discussion here is whether that information is consistently made available in the NSS trust DB (which has its own format) at all. I can see how those may be confusing, but hopefully with that clarification you can understand the difference between discussing format versus discussing functionality. > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy