Re: SSL is broken on FreeBSD
--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 05/04/11 06:57 +1000, Peter Jeremy wrote:
>On 2011-Apr-02 08:37:36 +0100, Miguel Lopes Santos Ramos <mbox@miguel.ramo=
s.name> wrote:
>>The only root CAs that could be included by default would be those of
>>governments (but which governments do you trust?) and things like
>>CAcert.org.
>
>Actually, there was a certificate port that included CAcert.org but
>the port was dropped for various reasons. And Mozilla doesn't
>currently trust CAcert.org so why should FreeBSD? (Note that Mozilla
>has defined an audit process to verify CAs and CAcert.org is slowly
>working towards compliance).
>
>It has occurred to me that maybe the FreeBSD SO should create a root
>cert and distribute that with FreeBSD. That certificate would at
>least have the same trust level as FreeBSD.
>
>--=20
>Peter Jeremy
But what would that CA trust?
You'd then find yourself back in the original debate of what is considered
trustworthy, which I agree is an issue for the user and not for the
distribution.
Out of idle curiosity, what does OpenBSD ship with their SSL implementation?
richo
--=20
richo || Today's excuse:=20
We didn't pay the Internet bill and it's been cut off.
--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJNmk7KAAoJEIKiWz6J5yQV61cH/1Kq/xqDAiC7Zo8T7hqLA/qh
awy64wKbBadSmgETrss55WJZb0QdIcFnza4Cplej3yBQXPWTayP0McPrajOYGajc
OS7iLTy/MxR6kNmBf/aqFcPiZo6eF1pfigIvKlrEc+o9gHWPTQw3fQ1j8pf6T0HS
dVQf0Uw0+/IIUhy/JiI6qTaXTTFRxuXJi9C0PW4siICQp6gO8Q8Ep+Nb1u1BQdvw
0c4cYW7sZwRVM1+keCFTdWxzN5VA38wS2H2/NVYgsdIRqhiFUCM3GYWch1tkdg/T
kUoQZbkuypSRoqsww/YvFBTKhlhpgbnjD+EAyk1k2IDVrcAyRcdVb0FIhHweKpU=
=smOp
-----END PGP SIGNATURE-----
--bg08WKrSYDhXBjb5--
討論串 (同標題文章)
完整討論串 (本文為第 30 之 42 篇):