The problem is very broad though. CA/B Forum is very effective for what it does, but equivalents for other uses are less so.
Most places crib and slightly rework the Mozilla CA pack with highly variable levels of maintenance and accuracy.
macOS and Windows have richer models, but integrations are often poor. For many years Homebrew had code that seeded an OpenSSL-compatible PEM with explicitly untrusted certs on macOS.
We could do with something as effective as CA/B that covers more use cases. Along with it should come some amount of reference implementation material and regularly updated test vectors.
Essentially we need the client side of Let’s Encrypt, and it can’t be Let’s Encrypt that does it.