On 03/28/2014 09:28 PM, Jonathan Schleifer wrote:
There's also choice 3: Showing the dialog like in Choice 1, but showing which other certificates signed the certificate. Then the user can still decide.
Thank you, that's exactly what I proposed.
That X.509 is in libraries doesn't help us at all. If we someday want it in the kernel or loader, we're screwed.
No, it only means we would have to implement the parts we need. With a homebrewn solution we will definitely have to implement everything ourselves. And yes, if that solution simply omits important parts (like signed certificates) it would definitely be simpler (and less useful).
CU, Ingo