[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Using system SSL certificates...
From: Thiago Macieira <thiago () kde ! org>
Date: 2010-02-03 5:52:26
Message-ID: 201002022152.34042.thiago () kde ! org
[Download RAW message or body]
Em Terça-feira 2. Fevereiro 2010, às 17.17.12, Brad Hards escreveu:
> On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> > The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> > Equifax. The question is: why are those well-known certificates in Qt but
> >
> > not in Firefox?
>
> Based on the log, it appears Qt may have just taken the cert bundle from an
> earlier version of KDE (when George Staikos was actively managing it).
>
> George's policy (which I concur with) was that a cert in either Firefox or
> IE was OK, if the vendor requested it. It is not OK to just add
> certificates without doing appropriate checks of the vendors practices and
> policies, and KDE doesn't have the resources to do that, hence the
> out-sourcing approach.
>
> FWIW, I'd support removing the cert bundle from KDE and just using
> mozilla's bundle. Ideally we'd support using system certs where the OS or
> vendor provides them.
That's what I did. I took the Mozilla file that describes their cert list.
But I found out that there are 48 certificates that exist today in Qt but not
in Firefox.
The question is: why? Why doesn't Firefox carry VeriSign and Thawte
certificates?
Or, if they do, where is the full list of their certificates?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic