What's a security enterprisey thing you'd want to see less of?
The OS-integrated certificate trust store is the main thing I was thinking of. Maybe stricter external-to-internal network access control.
-
-
What do you see as beneficial from moving away from the OS store?
-
My understanding is that Chrome's certificate processing can be stricter if it doesn't have to make compromises to support OS mgmt. Yes/no?
-
Stricter in what sense? We've got almost all platforms using our internal parser (USE_BYTE_CERTS) and it's stricter on DER side.
-
First, that's great. But, I was thinking that there are limitations in differentiating built-in and non-built-in roots, Maybe not anymore?
-
Yeah, not any more for all platforms !Win (and Red Hat, because
). I have a ~2% mismatch rate on Win I haven't had time to dig into
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.