On Mon, July 8, 2013 12:00 pm, Rick Andrews wrote: > I need to remove some 1024-bit roots from Firefoxs trust store, but I > realize that these trusted roots are part of the NSS library, and that the > NSS library is used by lots of other software, not just Firefox. Removing > these roots may have far-reaching consequences. I understand that there > isn't a list of all the different places where NSS is used, but can anyone > provide some guidance? Even a broad incomplete list of NSS users is better > than nothing. Thanks! > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
Rick, I think you may find it better to consider moz.dev.sec.policy, in the hope of reaching the people watching for additions. The issue is that there are a vast, vast number of applications that use the Mozilla Root Certificate Program data, but without using NSS. The removal of these roots would equally affect them. This includes, for example, nearly every major Linux distribution (typically as part of their ca-certificates package), which are further consumed by a variety of applications and libraries (including OpenSSL, GnuTLS, and plenty of 'home-grown' solutions, unfortunately). That said, the operation of Mozilla's Root Program is done according to the needs and abilities of NSS, and these secondary consumers are not 'officially' supported. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
