Here's a suggestion for the participants in this thread. Instead of all this conjecture, imagining various bad designs for NSS and then criticizing them, try to figure out how the products *really* work. There are major clues in Certificate Manager.
Here are some hints.

1. The root CA list that comes with the product is in a read-only shared library. Nothing the user can do with the product alters the contents of that shared library in any way. The shared library is updated only when the product is updated.

2. Any certificates added by the user, and any trust information edited by the user, are stored in the user's cert database. The trust information in the user's cert database overrides ALL other trust information stored in any other cert store, including the product's root CA list. All *apparent* modifications of the root CA list are actually edits to the trust information in the user's cert database.

3. The only modifications the product ever makes to the trust information in the user's cert DB are initiated by the user. Product updates don't modify the set of certs or trust information in the user's cert DB. On those rare occasions where the format of the cert DB changes, the information in the old cert DB is migrated to the new cert DB.

--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
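
The three hints above, as a small model of the lookup order. This is an added example, not NSS code and not part of the original post; it shows one consequence worth auditing: a trust record in the user's cert DB keeps applying after a product update drops that root from the shipped list. The fingerprints, trust labels and function names are constructed for illustration.

```python
from types import MappingProxyType

# Constructed sample data: fingerprints and trust labels are placeholders,
# not NSS trust flags.
TRUSTED, DISTRUSTED = "trusted", "distrusted"
SAMPLE_FPS = ("fp-A", "fp-B", "fp-C", "fp-X")


def load_builtin_roots(entries):
    """Model of the root list shipped with the product: read-only once loaded."""
    return MappingProxyType(dict(entries))


def effective_trust(fp, user_db, builtin):
    """A record in the user's cert DB overrides every other store."""
    if fp in user_db:
        return user_db[fp]
    return builtin.get(fp)  # None means unknown to both stores


def product_update(new_entries):
    """An update ships a new builtin list; the user DB is not an input."""
    return load_builtin_roots(new_entries)


def stale_user_overrides(user_db, builtin):
    """Audit: user records granting trust that the shipped list does not."""
    return sorted(fp for fp, trust in user_db.items()
                  if trust == TRUSTED and builtin.get(fp) != TRUSTED)


def demo():
    builtin_v1 = load_builtin_roots(
        {"fp-A": TRUSTED, "fp-B": TRUSTED, "fp-C": TRUSTED})
    user_db = {
        "fp-A": DISTRUSTED,  # user "removes" a shipped root
        "fp-B": TRUSTED,     # user edits and saves trust on a shipped root
        "fp-X": TRUSTED,     # user imports a private root
    }
    before = {fp: effective_trust(fp, user_db, builtin_v1) for fp in SAMPLE_FPS}
    # The update drops fp-B and fp-C from the shipped list.
    builtin_v2 = product_update({"fp-A": TRUSTED})
    after = {fp: effective_trust(fp, user_db, builtin_v2) for fp in SAMPLE_FPS}
    return before, after, stale_user_overrides(user_db, builtin_v2)


if __name__ == "__main__":
    for label, value in zip(("before", "after", "stale overrides"), demo()):
        print(f"{label}: {value}")
```
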