Date: Fri, 1 Apr 2011 09:33:01 -0600 From: Chad Perrin <perrin@apotheon.com> To: freebsd-security <freebsd-security@freebsd.org> Subject: Re: SSL is broken on FreeBSD Message-ID: <20110401153300.GA85392@guilt.hydra> In-Reply-To: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Apr 01, 2011 at 03:33:15PM +0100, István wrote: > > FreeBSD ships OpenSSL but it is broken because there is no CA. Right, > it is like shipping a car without wheels, I suppose. Err . . . now. SSL isn't broken, any more than vi is broken just because it doesn't ship with text files for you to edit. It would be more like shipping a car without giving you a list of roads on which the manufacturer suggests you use it. > > Is there a reason to do this? I don't know. Maybe the guys who made that decision thought that users should be able to make their own decisions about who to trust, rather than relying on Verisign to make that decision for them. I'm just speculating wildly -- I actually have no idea. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAk2V8CwACgkQ9mn/Pj01uKW7qgCdEfAXQPBGGqw0hZ7qYW7B4ZXV JL0An2qRBQ52LqT2WWbo56RNjXWBBOcy =3hU6 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110401153300.GA85392>