Re: SSL is broken on FreeBSD
--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2011-Apr-02 08:37:36 +0100, Miguel Lopes Santos Ramos <mbox@miguel.ramos=
=2Ename> wrote:
>The only root CAs that could be included by default would be those of
>governments (but which governments do you trust?) and things like
>CAcert.org.
Actually, there was a certificate port that included CAcert.org but
the port was dropped for various reasons. And Mozilla doesn't
currently trust CAcert.org so why should FreeBSD? (Note that Mozilla
has defined an audit process to verify CAs and CAcert.org is slowly
working towards compliance).
It has occurred to me that maybe the FreeBSD SO should create a root
cert and distribute that with FreeBSD. That certificate would at
least have the same trust level as FreeBSD.
--=20
Peter Jeremy
--17pEHd4RhPHOinZp
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)
iEYEARECAAYFAk2aMKEACgkQ/opHv/APuIfRFgCglW0Sh1pCJV+N7oC/oTREIWKY
WgAAn1XM+OGNSG50uB3CWqKfxYHIAAri
=2R1w
-----END PGP SIGNATURE-----
--17pEHd4RhPHOinZp--
討論串 (同標題文章)
完整討論串 (本文為第 29 之 42 篇):