Date: Tue, 5 Apr 2011 06:57:05 +1000 From: Peter Jeremy <peterjeremy@acm.org> To: Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> Cc: freebsd-security@freebsd.org Subject: Re: SSL is broken on FreeBSD Message-ID: <20110404205705.GA52172@server.vk2pj.dyndns.org> In-Reply-To: <1301729856.5812.12.camel@w500.local> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <1301729856.5812.12.camel@w500.local>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 2011-Apr-02 08:37:36 +0100, Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> wrote: >The only root CAs that could be included by default would be those of >governments (but which governments do you trust?) and things like >CAcert.org. Actually, there was a certificate port that included CAcert.org but the port was dropped for various reasons. And Mozilla doesn't currently trust CAcert.org so why should FreeBSD? (Note that Mozilla has defined an audit process to verify CAs and CAcert.org is slowly working towards compliance). It has occurred to me that maybe the FreeBSD SO should create a root cert and distribute that with FreeBSD. That certificate would at least have the same trust level as FreeBSD. -- Peter Jeremy [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iEYEARECAAYFAk2aMKEACgkQ/opHv/APuIfRFgCglW0Sh1pCJV+N7oC/oTREIWKY WgAAn1XM+OGNSG50uB3CWqKfxYHIAAri =2R1w -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110404205705.GA52172>