On 01/25/2013 04:19 PM, Florian Weimer wrote: > On 01/24/2013 12:30 PM, Stef Walter wrote: > >> So yes, as noted in the 'Detailed Description' of the feature, long term >> we hope to follow this up with further work to make all the crypto >> libraries be able to process the information in its entirety. > > Okay. In the long term, it might make sense to offload the entire > certificate chain validation to a daemon, so that it's possible to get > consistent behavior across crypto libraries and allow system > administrators to specify more detailed policies (but please not as > Javascript code).
Yeah, I agree with that in principle. In fact it's been tried before with libpkix. But in any case, doing this is a gargantuan task outside the scope of what we're taking on here right now. Cheers, Stef -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
