On 05/07/2012 12:35 PM, Richard Moore wrote:
>> Are there ways to identify the trust purpose of those certificates? >> Is there any intention to standardize something like that, so we don't >> end up with our own trust? > > All the certs are trusted for all purposes in this scheme (subject to > the keyusage flags they contain). The problem is that there is no particular scheme and the keyusage flags are set by the CA, not by the one who trusts the certificate. Because verisign has a certificate that says it is appropriate for signing e-mail, it doesn't mean that I want to trust it. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
