Comment 4 for bug 1926664

You are right that it's not a duplicate, sorry for the confusion. It's part of the "centralized SSL" concept, but it tackles a different area.

About crypto-policies, evaluating how it would look in ubuntu, what amount of work is needed, how many downstream (our) parches will we have, that is all part of the work, and in the end we may discard it, or come up with an alternative. For now, it's merely a starting point.