GNOME Bugzilla – Bug 637966
Read-only PKCS#11 module for root settings
Last modified: 2016-02-23 09:54:23 UTC
For the system CA certificates, and possibly CRLs and other stuff, we shouldn't need to call into gnome-keyring-daemon. There should be a pkcs11 module which loads these things in-process. This PKCS#11 module will be read-only and can't use any private data. Writable stuff and private stuff will need to continue to be handled by the daemon. So this will be limited to exposing system trust and certificates.
Closing. p11-kit trust implemented this.