Date: Mon, 4 Apr 2011 21:58:54 -0400
From: Garrett Wollman <wollman@bimajority.org>
To: richo <richo@psych0tik.net>
Cc: freebsd-security@freebsd.org
Subject: Re: SSL is broken on FreeBSD
Message-ID: <19866.30558.24345.112771@hergotha.csail.mit.edu>
In-Reply-To: <20110404230546.GA25778@richh-desktop.boxdice.com.au>
References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <1301729856.5812.12.camel@w500.local> <20110404205705.GA52172@server.vk2pj.dyndns.org> <20110404230546.GA25778@richh-desktop.boxdice.com.au>

<<On Tue, 5 Apr 2011 09:05:47 +1000, richo <richo@psych0tik.net> said:

> On 05/04/11 06:57 +1000, Peter Jeremy wrote:
>> It has occurred to me that maybe the FreeBSD SO should create a root
>> cert and distribute that with FreeBSD. That certificate would at
>> least have the same trust level as FreeBSD.
>>
>> --
>> Peter Jeremy

> But what would that CA trust?

The certificates he also generates for services like freebsd-update and portsnap. And probably also a certificate for use in email to the security-officer role, so that those benighted people who only have access to S/MIME email can still send him private messages. Ideally it would also be used to sign the CHECKSUMS files on the FTP site, so that the installer could check whether it was talking to an authentic mirror site and ask the user what to do.

-GAWollman