On 01/28/2013 03:45 PM, Petr Pisar wrote:
On 2013-01-25, Florian Weimer <fweimer@xxxxxxxxxx> wrote:
On 01/24/2013 12:30 PM, Stef Walter wrote:
So yes, as noted in the 'Detailed Description' of the feature, long term
we hope to follow this up with further work to make all the crypto
libraries be able to process the information in its entirety.
Okay. In the long term, it might make sense to offload the entire
certificate chain validation to a daemon.
Something like dirmngr?
Good point, dirmngr comes pretty close. But if I recall correctly,
dirmngr is mainly used to retrieve user certificates over LDAP, for use
with S/MIME. But the certificate validation part is pretty much what I
had in mind (protocol-wise at least, the implementation would need more
support for implementing different policies).
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
