Kyle Hamilton wrote, On 2008-12-23 21:20:
> On Tue, Dec 23, 2008 at 6:16 PM, Nelson B Bolyard <nel...@bolyard.me> wrote:
>> Anyway, I would support the creation of a "CA certificate" non-code module.
> 
> I think this would be a really good idea.  I'm aware that my opinion
> carries little weight, but I think that since it relies on business-
> and legal-side undertakings, it shouldn't be managed by the coders.
> 
> How would this work?  Split nssckbi out to be managed by the non-code
> module owner, though a coder would need to be enlisted to finalize the
> decisions made by that person?

No, it would be a NON-CODE module.  It would not contain any code.
Its output would be the list of trusted root certs, perhaps as a web page,
and/or also as a set of requests (in the form of Bugzilla bugs) to have
certs inserted into nssckbi.

nssckbi is just a medium for the conveyance of that list, potentially one
of several.  The task for the NSS module owner would be to ensure that
the copy of the list in nssckbi is kept reasonably up to date, and doesn't
differ from the official list (or a very recent version of that list) as of
the date on which it is released.

That's really how things operate now.  I'm merely suggesting that that
separation of responsibility be formalized by making the maintenance of
the official CA list be a separate "module".
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
