[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NSM certificate prompt
|
From: |
Michael Albinus |
|
Subject: |
Re: NSM certificate prompt |
|
Date: |
Sat, 13 Dec 2014 17:57:03 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
Lars Magne Ingebrigtsen <address@hidden> writes:
> Michael Albinus <address@hidden> writes:
>
>> "Other Web browsers" carry builtin certificates.
>
> We should do that too, I guess.
I don't think so. It will be an endless story, because this will require
permanent updates. Certificates have a limited life (see the Expires
attribute); new certificates must be added regularly, and even
established certificates must be revoked sometimes (if the CA has been
hacked, for example).
A better solution might be to use system-installed certificates. For
example, Debian offers the package ca-certificates. It installs known
certificates at /usr/share/ca-certificates, which could be used.
See also /usr/share/doc/ca-certificates/README.Debian.
Similar packages might exist for other systems. Don't know, whether
gnutls uses them already by default.
Best regards, Michael.
Re: NSM certificate prompt, Michael Albinus, 2014/12/13
- Re: NSM certificate prompt, Lars Magne Ingebrigtsen, 2014/12/13
- Re: NSM certificate prompt,
Michael Albinus <=
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13
- Re: NSM certificate prompt, Lars Magne Ingebrigtsen, 2014/12/13
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13
- Re: NSM certificate prompt, Lars Magne Ingebrigtsen, 2014/12/13
- Re: NSM certificate prompt, Michael Albinus, 2014/12/13
- Re: NSM certificate prompt, Ted Zlatanov, 2014/12/13
Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13
Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13