[xmlsec] Re: GOST support in xmlsec
Amiler Scumba
amiler_scumba at hotmail.com
Tue Feb 14 13:44:30 PST 2006
>>We would like to avoid scenario when a system administraotr might
>>accidently change the behaviour of one of the applications running on the
>>system by acidentally installing a nes trusted certificate into a system
>>store.
>
>I can easily argue both ways :) In some cases, one might want
>to have *everything* in one place (btw, this is the approved
>MS way for dealing with certificates :) ). But you are also right
>that sometimes it is not the best approach. However, I am not
>buying your "...acidentally installing..." argument because
>sysadmin can also acidentally put a new certificate in any other
>place as well :)
Ok, here is an example from MS way (specifiying which CAs to trust when
establishin an SSL session). Internet Information Server (IIS) can be
configured in two ways:
- by default it uses trusted certificate from system store
- but you can also create your own certificate trust list and explicitlly
define which root certificate do you trust. This enables you to have
different trusted CAs in for different Web Sites.
If you replace "IIS" with "XmlSec" and "Web Site" with "application" in the
paragraph above, we have an argument for supporting both scenarios in
XMLSec.
Amiler.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the xmlsec
mailing list