[Ach] You Won't Be Needing These Any More:, On Removing Unused Certicates From Trust, Stores

Martin Rublik martin.rublik at gmail.com
Thu Mar 20 22:50:06 CET 2014


On 20. 3. 2014 21:04, Hanno Böck wrote:
> On Thu, 20 Mar 2014 20:55:00 +0100 szebi <szebi at gmx.at> wrote:
> 
>> Please keep in mind, that not all of these CAs are used for TLS 
>> certificates. Some of these CAs issue certs for mail-signing, 
>> hardware-based identification, etc.!
> 
> So what? Then they probably still shouldn't be shipped in browsers, because
> https website certs are the only ones that matter there.

Well it maybe because NSS is shared between Thunderbird and Firefox. Or
because Windows Root Certificate Store is shared between IE and Outlook. I
suppose Apple also ships one store for their browser and mail client.

Anyway, I'm not advocating the inclusion of the CAs, just a thought that they
might be useful for other purposes (though I'm not really sure it they really
are :)).

Martin





More information about the Ach mailing list