database and legacy databases have the same objects. In the case of certs and keys,
the merge is a simple matter of identifying duplicates and not updating them.
In the case of trust attributes, however, there are a number of choices:
# don't update duplicate trust (shared database copy wins).
# overwrite trust from the legacy database (legacy database copy wins).
# calculate the intersection of trust between them (take the least trusted values). (turning off trust wins).
# calculate the union of trust between the two (turning on trust wins).
From the user perspectiveTrust records are made up of several entries, such as one for SSL Server Auth, SSL Client Auth, S/MIME, etc. Each entry could have several values, including CKT_NSS_MUST_VERIFY, each of these choices means that after the update:CKT_NSS_TRUSTED_DELEGATOR, CKT_NSS_TRUSTED, CKT_NSS_VALID, etc).
# Merge updates the application that just updated may then trust certs records by the entries in that it had previously marked untrusted, and may no longer trust certs that it had previously marked trusted.record separately:# other applications that share if the database may then trust certs they had previously marked untrustedrecord entries are identical, and may no longer trust certs that they had previously marked trustedupdate is done.# all apps may find that they no longer if either trust record entry has an explicit unknown (CKT_NSS_TRUST_UNKNOWN) or invalid trust certs record entry (entry does not exist), then the one that had previously been marked trustedis valid and known is used.# all apps may find that they if one of the trust record entries has hard trust certs that had previously been marked untrusted. Option 3 is attributes (Trust flags with NSS_TRUSTED or NSS_UNTRUSTED in the name) and the most secure, Option 4 will break have less breakage. Trustmerge conflicts that are real conflicts other has soft attributes (application 'A' turned off trust andapplication 'B' turned on trustNSS_VALID or NSS_MUST_VERIFY) are expected to be rarethe entry with hard attributes is used. The common case wouldbe application 'A' turned on SSL Hard trust and application 'B' turned on email trust. In this case Option 4 is clearly the correct choiceattributes are attributes that will terminate a certificate validation. From a programming point # if non of viewthese cases apply, NSS should pick a default and implement it.Ideally no user interaction will occur. Finally password entries are merge issues. If then the two databases have differentpasswords, value in the merged target database will have to have ais preserved.
===== Mozilla Applications =====
