Hi!

I've spoken to a developer of PLD (Polished Linux Distribution). They are going to create a policy/framework for including different SSL certificates in the distribution. The idea is that every person/company wishing to have its certificate included in the distribution has to deliver it in the form of an .rpm package (templates for creating such a package will be publicly available) or in raw form to a person called e.g. "certs packages maintainer". This gives the user (or: administrator) the ability to decide which of these certificates he considers trustworthy (and installs them on the system) and which ones not. Of course it requires a person who will check the validity of incoming certs/packages and somehow authorize their issuer.

Do you think it is a good idea? It would be nice to have a central repository of certificates (e.g. in /usr/share/certs), which could be used by any SSL-based application.

Richard.

--
"First they ignore you. Then they laugh at you. Then they fight you. Then you win." - Mohandas Gandhi.