Source: nss Severity: wishlist Version: 2:3.14.5-1 X-Debbugs-CC: p11-...@packages.debian.org
Hi Mike, everyone, With the recent switch of wheezy-security's iceweasel to using the embedded copy of nss I was hit again by some local certificates being missing. Sure enough, this is not a new issue and was expected. However, I'm wondering about using p11-kit's -trust.so provider to replace nssckbi, pretty much like described by #704180 but done directly by nss. The aim being to finally centralise this in a way that is, slightly, more flexible than it currently is. Now, there are of course some downsides which include losing specific usage and trust settings. I'm not too worried about usage settings as much as I am for the trust bits. How could we distrust an intermediate CA next time if we use p11-kit? What is your opinion on all this? what other difference between the two providers is there that I might be missing? Thanks in advance. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
