From: István
Date: Fri, 1 Apr 2011 19:47:23 +0100
To: freebsd-security
Cc: Chad Perrin
Subject: Re: SSL is broken on FreeBSD
In-Reply-To: <20110401153300.GA85392@guilt.hydra>

Yep, SSL is broken. This is why the top 500 companies are using it to secure
their business. I hope you have something better that we could implement
tomorrow, deprecating SSL. Send the RFC please. :)

Thank you in advance.

I.

On Fri, Apr 1, 2011 at 4:33 PM, Chad Perrin wrote:

> On Fri, Apr 01, 2011 at 03:33:15PM +0100, István wrote:
> >
> > FreeBSD ships OpenSSL but it is broken because there is no CA. Right,
> > it is like shipping a car without wheels, I suppose.
>
> Err . . . now. SSL isn't broken, any more than vi is broken just because
> it doesn't ship with text files for you to edit. It would be more like
> shipping a car without giving you a list of roads on which the
> manufacturer suggests you use it.
>
> >
> > Is there a reason to do this?
>
> I don't know. Maybe the guys who made that decision thought that users
> should be able to make their own decisions about who to trust, rather
> than relying on Verisign to make that decision for them. I'm just
> speculating wildly -- I actually have no idea.
>
> --
> Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
>

-- 
the sun shines for all

http://wperf.com/