Achim Gratz Stromeko at nexgo.de
Mon Jan 13 19:26:05 UTC 2020

Hal Murray via devel writes:
> Suppose you don't trust all those CAs.  What can you do?

Then they shouldn't be in your trust root to begin with.  It's easy
enough to remove a CA source file from the system cert store and rebuild
it, although what to do is slightly different on each system.

> One option is to extract the appropriate certificate from the installed root 
> collection.

That's CA pinning rather than certificate pinning.  It only makes sense
(to me anyway) if you expect to have multiple different certificates
that refer to that CA, so maybe if you have a local CA that you don't
want to advertise system-wide.

+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:

More information about the devel mailing list