On 2/27/25 8:17 AM, Barry wrote:
On 27 Feb 2025, at 10:39, Robert Moskowitz <r...@htt-consult.com> wrote:
But how to update the cert file? Which one is it or will the next firefox
update replace it?
I would have assumed that the cert is shipped with firefox itself.
There is a signed trust list that every browser vendor provides. It
gets updated whenever a new cert is add. It possible is included in
each update even when not changed.
But it is there, I just have to find the one that was installed when I
built the system and copy it over the old cruft I moved over.
Tahar ElGamal, a student of Rivest at MIT, holds the patent (long
expired) on SSL and the approach of a trust list of root certs. He was
one of my mentors a few decades ago. His SSL got us off ground zero and
gave us a path for deploying X509 certs for trust-building. I have been
in countless discussions of the various approaches to trust. I myself
am the author of the Bridge CA model (circa '98) used in a few PKIs.
This doesn't mean I cannot shoot myself in the foot at times, overlaying
the new list with an old one!
It is SO EASY!!! to step in the do-do.
As Robert Frost said so well:
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep."
--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
