What is Nostr?
Matt Whitlock [ARCHIVE] /
npub17qx…pwet
2023-06-07 15:28:43
in reply to nevent1q…upl7

Matt Whitlock [ARCHIVE] on Nostr: 📅 Original date posted:2015-01-28 📝 Original message:On Wednesday, 28 January ...

📅 Original date posted:2015-01-28
📝 Original message:On Wednesday, 28 January 2015, at 5:19 pm, Giuseppe Mazzotta wrote:
> On 28-01-15 16:42, Mike Hearn wrote:
> > Just as a reminder, there is no obligation to use the OS root
> > store. You can (and quite possibly should) take a snapshot of the
> > Mozilla/Apple/MSFT etc stores and load it in your app. We do this
> > in bitcoinj by default to avoid cases where BIP70 requests work on
> > some platforms and not others, although the developer can easily
> > override this and use the OS root store instead.
> >
> Except that Mozilla/Apple/MSFT will update these certificate stores -
> second their policies - and your snapshot/collection might get
> outdated at a different pace than the OS-provided certificates,
> depending on how you (or the package maintainer) are rolling out updates.

I'm frankly _horrified_ to learn that BitcoinJ ships its own root CA certificates bundle. This means that, if a root CA gets breached and a certificate gets revoked, all BitcoinJ-using software will be vulnerable until BitcoinJ ships an update *and* the software in question pulls in the new BitcoinJ update and releases its own update. That might never happen.
Author Public Key
npub17qxssk9sj2r7jswvh3y32e7vwz7mcckhz33gk9nurdmw0lhsfkgswupwet