[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Using system SSL certificates...
From:       Thiago Macieira <thiago () kde ! org>
Date:       2010-02-03 5:52:26
Message-ID: 201002022152.34042.thiago () kde ! org
[Download RAW message or body]


Em Terça-feira 2. Fevereiro 2010, às 17.17.12, Brad Hards escreveu:
> On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> > The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> > Equifax. The question is: why are those well-known certificates in Qt but
> > 
> >  not in Firefox?
> 
> Based on the log, it appears Qt may have just taken the cert bundle from an
> earlier version of KDE (when George Staikos was actively managing it).
> 
> George's policy (which I concur with) was that a cert in either Firefox or
> IE was OK, if the vendor requested it. It is not OK to just add
> certificates without doing appropriate checks of the vendors practices and
> policies, and KDE doesn't have the resources to do that, hence the
> out-sourcing approach.
> 
> FWIW, I'd support removing the cert bundle from KDE and just using
> mozilla's bundle. Ideally we'd support using system certs where the OS or
> vendor provides them.

That's what I did. I took the Mozilla file that describes their cert list.

But I found out that there are 48 certificates that exist today in Qt but not 
in Firefox.

The question is: why? Why doesn't Firefox carry VeriSign and Thawte 
certificates?

Or, if they do, where is the full list of their certificates?
-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]