On 01/24/2013 12:30 PM, Stef Walter wrote:
So yes, as noted in the 'Detailed Description' of the feature, long term we hope to follow this up with further work to make all the crypto libraries be able to process the information in its entirety.
Okay. In the long term, it might make sense to offload the entire certificate chain validation to a daemon, so that it's possible to get consistent behavior across crypto libraries and allow system administrators to specify more detailed policies (but please not as Javascript code).
-- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
