On 27/06/2017 19:49, Gervase Markham wrote:
On 27/06/17 10:35, Ryan Sleevi wrote:
> ...
Further, one could
reasonably argue that an authroot.stl approach would trouble Apple, much as
other non-SDO driven efforts have, due to IP concerns in the space.
Presumably, such collaboration would need to occur somewhere with
appropriate IP protections.
Like, really? Developing a set of JSON name-value pairs to encode some
fairly simple structured data has potential IP issues? What kind of mad
world do we live in?
I think he was referring to possible IP concerns with reusing
Microsoft's ASN.1 based format.
P.S.
Note that Microsoft has two variants of their "Certificate Trust List"
format:
One that actually includes all the trusted certificates, which is more
useful as inspiration for this effort.
Another that contains only metadata, but not the actual certs. This is
the one loosely described at http://unmitigatedrisk.com/?p=259
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
