[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSM certificate prompt

From: Michael Albinus
Subject: Re: NSM certificate prompt
Date: Sat, 13 Dec 2014 17:57:03 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

Lars Magne Ingebrigtsen <address@hidden> writes:

> Michael Albinus <address@hidden> writes:
>> "Other Web browsers" carry builtin certificates.
> We should do that too, I guess.  

I don't think so. It will be an endless story, because this will require
permanent updates. Certificates have a limited life (see the Expires
attribute); new certificates must be added regularly, and even
established certificates must be revoked sometimes (if the CA has been
hacked, for example).

A better solution might be to use system-installed certificates. For
example, Debian offers the package ca-certificates. It installs known
certificates at /usr/share/ca-certificates, which could be used.
See also /usr/share/doc/ca-certificates/README.Debian.

Similar packages might exist for other systems. Don't know, whether
gnutls uses them already by default.

Best regards, Michael.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]