F20 Self Contained Change: Shared Certificate Tools

= Proposed Self Contained Change: Shared Certificate Tools =
https://fedoraproject.org/wiki/Changes/SharedCertificateTools

Change owner(s): Stef Walter <stefw@xxxxxxxxxx>

Fedora now has infrastructure for sharing system trusted certificates between 
the various crypto libraries.

Tools are being worked on for adding/removing these shared trusted 
certificates, as well as blacklisted certificates. This is being worked on 
upstream in the p11-kit project.

This change integrates that upstream work into Fedora. 

== Detailed description ==
A tool will be added to the p11-kit-trust package which can be used to perform 
the following actions:

* Add a trust anchor
* Disable a trust anchor
* Remove an added trust anchor
* Blacklist a certificate or key
* Remove a blacklisted certificate or key

Because not all crypto implementations read their trusted information directly 
from the dynamic database, the tool will take care of extracting things as 
appropriate after making a change. This will enable administrators to run a 
single command to add an anchor (and perform other tasks). 

== Scope ==
p11-kit has had work done to have the trust module store changes. The initial 
tool has been written upstream. The remainder of the tool needs completion.

The ca-certificates package will need some minor tweaks to make sure the new 
tools integrate correctly with it.

Although this feature can potentially affect a large number of packages, the 
implementation is well bounded. It is limited to p11-kit (with one or two 
lines changed in ca-certificates).

Proposal owners: stefw, see above
Other developers: kaie (for ca-certificates)
Release engineering: N/A (not a System Wide Change)
Policies and guidelines: N/A (not a System Wide Change) 