Regular updates #11

Open
jvehent opened this issue Aug 5, 2016 · 4 comments

Comments

@jvehent

jvehent commented Aug 5, 2016

Hi @kirei, thanks a lot for this compilation of truststores! We use it in https://github.com/mozilla/tls-observatory to evaluate certificate trust.
One thing I've been wondering about is the freshness of the data in this repo. The Mozilla CA, for example, is updated monthly upstream but I don't believe this is reflected here. What would it take to have weekly or monthly updates of this repository? Could it be automated somehow?

@jschlyter
Member

I believe @leifj has plans to do regular updates.

@leifj

leifj commented Aug 17, 2016

Adding @br00k - we have been talking about this as an extension to TACAR and other GEANT trust store activities.

@secworks
Contributor

You pull manually right now, correct? We can at least set a reminder that we should update once a month.

@jvehent
Author

jvehent commented Dec 2, 2016

I'm taking a different approach. Mozilla's Root CA Program is working on a Common CA Database managed in Salesforce. The database exports CSV files that contain the latest list of trusted CAs for Mozilla and Microsoft. I am told that other organizations may join the effort in the future.

That means retrieving a truststore can be done directly from these exports. I wrote a small Go script that does so: https://github.com/mozilla/tls-observatory/blob/master/tools/retrieveTruststoreFromCADatabase.go

It's not always the same data as the one shipped in NSS, or Windows, as there may be a delay between something changing in the upstream CA database and the change being shipped to products. Regardless, that's the data source Mozilla's TLS Observatory will use from now on.
