A few root store operators at the recent CAB Forum meeting informally
discussed the idea of a common format for root store information, and
that this would be a good idea. More and more innovative services find
it useful to download and consume trust store data from multiple
parties, and at the moment there are various hacky solutions and
conversion scripts in use.

Apple are already moving to publish their trust store in
machine-readable form (at the moment, the most machine-readable version
is in their open source repo, and that's often out of date). I'm not
sure what format they are planning, but it may not be too late to sell
them on something common. We currently have certdata.txt, which is
perhaps not ideal as a format; if we moved to something better, we could
always generate certdata.txt from that for those who still needed that form.

I'm told there are a couple of formats out there, including one in XML
(urk). But it would be nice to have something which was both machine and
human readable and writeable; in the age where the bar is set by JSON,
I'm not sure XML counts as that any more.

The trouble is, I'm not sure anyone in those conversations was also
musing about how much free time they had for such work. Is anyone here
interested in taking on the task of gathering requirements and editing a
spec for an (e.g.) JSON root store format?

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
