Hal Murray via devel writes: > Suppose you don't trust all those CAs. What can you do?
Then they shouldn't be in your trust root to begin with. It's easy enough to remove a CA source file from the system cert store and rebuild it, although what to do is slightly different on each system. > One option is to extract the appropriate certificate from the installed root > collection. That's CA pinning rather than certificate pinning. It only makes sense (to me anyway) if you expect to have multiple different certificates that refer to that CA, so maybe if you have a local CA that you don't want to advertise system-wide. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
