On 03/07/17 16:09, Kai Engert wrote: > I'd prefer a simple open source tool that operates on files, which can be used > from a command line, with a free license, e.g. MPL2.
Of course. > If the intention is to define a file format that is shared with other groups, > who would be the owner of the file format? Good question. > What if another group needs to > introduce additional fields into the file format, that aren't of interest to > Mozilla or NSS? Using something like JSON means that people can add arbitrary keys for their own use that everyone else can ignore. We'd need a lightweight mechanism for how to do that, but it's not an uncommon pattern. >> We could do this with any approach. Are you interested in the idea of >> making the trust list an independently-maintained item, which is just >> pulled into NSS each time an NSS release is done? > > Yes, I had previously suggested this here: > https://bugzilla.mozilla.org/show_bug.cgi?id=1294150 I think that having a new file format which encoded more or all of the restrictions on CAs would mitigate some of the issues raised in that bug. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy