All, I'll start looking at when we will remove the websites trust bit, the email trust bit, and/or the Entrust roots from certdata.txt. Thanks, Ben
On Fri, Feb 7, 2025 at 8:44 AM Mike Shaver <[email protected]> wrote: > On Fri, Feb 7, 2025 at 10:29 AM 'Matthew McPherrin' via > [email protected] <[email protected]> wrote: > >> The "distrust after" dates are specific to root programs like Mozilla, >> and not a CA/B Forum thing at all. There's no "non-standard extensions" ... >> because there's no extensions at all. It is not represented in X509, or in >> any format beyond Mozilla's internal ones. >> >> The fact that Linux distributions and other software like Alpine and curl >> are "copying Mozilla's homework" and not getting the full metadata is a >> problem, but I don't think the fault lies at Mozilla's feet here. >> > > Hear, hear. These distributions are free to maintain their own CA lists if > they would like, or copy Chrome/Microsoft/Apple/Cisco's homework instead. > Or they can do the work to actually process the NSS internal root store in > a way that's semantically-consistent with Firefox's use of it. > > Mike > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqsSMVs7NuOMWMFydF_68Nrb6iYhOTWZLceGZn9ubEXpCQ%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqsSMVs7NuOMWMFydF_68Nrb6iYhOTWZLceGZn9ubEXpCQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZz%3DhYK_wMVPtuHc_K7YNoUex11vv0mBKAKvftti%2BzZ5g%40mail.gmail.com.
