Hi Juan,
On Wednesday 15 August 2007 20:02:17 Juan Lang wrote:
[snip!]
Yes, that's true, but if trust truly is the issue, we have to ask what
exactly is being protected. [nothing's using Wine's CA root certs]
Sure, if nothing is using Wine's root store just now it's probably overkill.
I'm
Juan Lang [EMAIL PROTECTED] writes:
Since there wasn't a clear consensus about how to get CA certificates
into the registry, I decided to do what Mono does: punt. So I've
written a tool that can load certificates from a file or from a URL
and stick them in the registry.
Do we really need
Do we really need them in the registry at all? It would seem a lot
safer to load them directly from some system dir.
The trouble is not knowing which is the correct system dir / file. It
changes from distro to distro, from version to version. Guessing
seems less safe (to me) than getting
Juan Lang [EMAIL PROTECTED] writes:
Do we really need them in the registry at all? It would seem a lot
safer to load them directly from some system dir.
The trouble is not knowing which is the correct system dir / file. It
changes from distro to distro, from version to version. Guessing
As long as you don't try paths under /home, even a moderate amount of
guessing seems safer than storing them in a user-writable file.
I'm not sure I agree. If the threat model is a user doing dumb
things, there's no protection against that. If the threat model is a
rogue Windows program
On Wednesday 15 August 2007, Alexandre Julliard wrote:
Juan Lang [EMAIL PROTECTED] writes:
Do we really need them in the registry at all? It would seem a lot
safer to load them directly from some system dir.
The trouble is not knowing which is the correct system dir / file. It
changes
Do we really need them in the registry at all? It would seem a lot
safer to load them directly from some system dir.
I really should think longer before arguing with your feedback ;)
Maybe the Root store should be a read-only one that reads from some
system path set in the registry, and
Hi Paul, I appreciate the feedback.
Ta. I've had a quick look. A couple of minor comments:
You might want to include BEGIN TRUSTED CERTIFICATE as an option when
parsing PEM-format files. All the root CAs I've seen don't use this, but
apparently it's a possibility.
Okay, I'll keep it in
Hi Juan,
Sorry I was going to reply earlier but was distracted...
On Wednesday 15 August 2007 00:08:23 Juan Lang wrote:
Since there wasn't a clear consensus about how to get CA certificates
into the registry, I decided to do what Mono does: punt. So I've
written a tool that can load
On Wed, Aug 15, 2007 at 12:02:17PM -0700, Juan Lang wrote:
What do you think of my most recent suggestion, that the Root store
should not read from the registry, but should read from certs
installed locally, where the path to them is set in the registry?
I guess that is a good and flexible
Since there wasn't a clear consensus about how to get CA certificates
into the registry, I decided to do what Mono does: punt. So I've
written a tool that can load certificates from a file or from a URL
and stick them in the registry.
By default it assumes you want to download them from