From owner-freebsd-security@FreeBSD.ORG Thu Jul 3 14:55:21 2014
Message-ID: <53B56EC9.2020107@obluda.cz>
Date: Thu, 03 Jul 2014 16:55:05 +0200
From: Dan Lukes
To: freebsd-security@freebsd.org
Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?
References: <53B499B1.4090003@delphij.net> <5c02fe3098089bf6d58834a66f2eeba7@mail.feld.me>
In-Reply-To: <5c02fe3098089bf6d58834a66f2eeba7@mail.feld.me>

On 07/03/14 16:16, Mark Felder:
> if we do not make an effort to provide a default trust store why do we enforce verification by default?

Well, there is a CA recognized as trustworthy for the purpose of downloading FreeBSD components. It's a CA maintained by FreeBSD's security officer or another core committer. I trust the source code under its control already, so I can trust its own CA that verifies such code transfers. Of course, such a CA is not considered trusted for other purposes.

It is acceptable to use a pre-installed CA for the purpose of system maintenance, but it must not be used by any generic system utility/library by default. I mean that maintenance tools like portmaster, pkg or so may "trust" such a default CA, but generic system tools like fetch or ftp, as well as system libraries like libfetch, must not consider a CA trusted without an explicit administrator's/user's decision.

Dan