Hi Juan,
On Wednesday 15 August 2007 20:02:17 Juan Lang wrote:
[snip!]
> Yes, that's true, but if trust truly is the issue, we have to ask what
> exactly is being protected. [nothing's using Wine's CA root certs]
Sure, if nothing is using Wine's root store just now it's probably overkill.
I'm
On Wed, Aug 15, 2007 at 12:02:17PM -0700, Juan Lang wrote:
> What do you think of my most recent suggestion, that the Root store
> should not read from the registry, but should read from certs
> installed locally, where the path to them is set in the registry?
I guess that is a good and felxible s
Hi Juan,
Sorry I was going to reply earlier but was distracted...
On Wednesday 15 August 2007 00:08:23 Juan Lang wrote:
> Since there wasn't a clear consensus about how to get CA certificates
> into the registry, I decided to do what Mono does: punt. So I've
> written a tool that can load certi
Hi Paul, I appreciate the feedback.
> Ta. I've had a quick look. A couple of minor comments:
>
> You might want to include "BEGIN TRUSTED CERTIFICATE" as an option when
> parsing PEM-format files. All the root CAs I've seen don't use this, but
> apparently its a possibility.
Okay, I'll keep it
> Do we really need them in the registry at all? It would seem a lot
> safer to load them directly from some system dir.
I really should think longer before arguing with your feedback ;)
Maybe the Root store should be a read-only one that reads from some
system path set in the registry, and does
On Wednesday 15 August 2007, Alexandre Julliard wrote:
> "Juan Lang" <[EMAIL PROTECTED]> writes:
> >> Do we really need them in the registry at all? It would seem a lot
> >> safer to load them directly from some system dir.
> >
> > The trouble is not knowing which is the correct system dir / file.
> As long as you don't try paths under /home, even a moderate amount of
> guessing seems safer than storing them in a user-writable file.
I'm not sure I agree. If the threat model is a user doing dumb
things, there's no protection against that. If the threat model is a
rogue Windows program inst
"Juan Lang" <[EMAIL PROTECTED]> writes:
>> Do we really need them in the registry at all? It would seem a lot
>> safer to load them directly from some system dir.
>
> The trouble is not knowing which is the correct system dir / file. It
> changes from distro to distro, from version to version.
> Do we really need them in the registry at all? It would seem a lot
> safer to load them directly from some system dir.
The trouble is not knowing which is the correct system dir / file. It
changes from distro to distro, from version to version. Guessing
seems less safe (to me) than getting th
"Juan Lang" <[EMAIL PROTECTED]> writes:
> Since there wasn't a clear consensus about how to get CA certificates
> into the registry, I decided to do what Mono does: punt. So I've
> written a tool that can load certificates from a file or from a URL
> and stick them in the registry.
Do we really
Since there wasn't a clear consensus about how to get CA certificates
into the registry, I decided to do what Mono does: punt. So I've
written a tool that can load certificates from a file or from a URL
and stick them in the registry.
By default it assumes you want to download them from Mozilla'
11 matches
Mail list logo
