Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?
On 2 July 2014 17:26, Dan Lukes <dan@obluda.cz> wrote:
> On 07/03/14 01:45, Xin Li:
>
>> 1. Import a set of trusted root certificates
>
>
>
> Question is imminent ...
>
> Trusted by whom ?
IMHO, it is sane to follow the same policy that Mozilla follows and to
use their root store by default.
> If I consider a CA to be trustworthy, I will insert it's certificate to
> trusted store. No one is welcomed to make such decision in behalf of me.
So remove or edit the defaults.
As for #4: I'm not sure I like the port touching the base system (even
with an option) but I don't see a real alternative.
--
Eitan Adler
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 4 之 29 篇):