Should we drop the SSL certificate bundle?
Rolf Eike Beer
kde at opensource.sf-tec.de
Fri Aug 20 07:32:01 BST 2010
Thiago Macieira wrote:
> On Thursday 19 August 2010 08:02:52 Rolf Eike Beer wrote:
> > Thiago Macieira wrote:
> > > Anyway, as of Qt 4.7, Qt loads the global store on any platform. All
> > > KDE has to do to benefit from that is to stop overriding.
> >
> > That sounds very reasonable to me.
> >
> > Is that bundle additive or exclusive? So can we simply ship a bunch of
> > additional certs we like and use everything from the global store or will
> > our bundle always replace the global one if we provide one?
>
> It's not our bundle anymore. It's shipped by the distribution and we expect
> them to do a good job at deciding which root certificates to preload. And
> I've seen the distributions override what KDE ships anyway.

I thought about this: we ship a small bundle with our additional things and
add that on the fly to the system bundle. I wonder if any of those roots are
really needed these days anymore?

> I think KDE should stop installing or removing any certificates by default.
> A default install of KDE should use all of the certificates shipped with
> the distribution and none more. If your distribution doesn't ship any,
> then SSL won't work for you and you should either find a list of root CAs
> that *you* trust or find a distribution that does it for you.

Yes, that is exactly what I had in mind with my original post.

> By user interaction, via the (missing) SSL configuration KCM, the user can
> elect to add or remove certificates. That can be done by KDE libraries, by
> loading more certificates and adding them to the default set from
> QSslConfiguration, and by removing from the list ones that the user
> removed.
>
> Since we don't have an SSL configuration KCM, there's no need for code to
> add or remove certificates either.

As a user I must be able to add my own roots for me without losing the global
store. So if I decide that I trust CA X and my admin does not, it's totally
legal that I can import them and don't get warnings about those certs and
other users do.

Eike