Date: Tue, 05 Apr 2011 17:15:26 -0700 From: Chuck Swiger <cswiger@mac.com> To: Dan Lukes <dan@obluda.cz> Cc: freebsd-security <freebsd-security@freebsd.org> Subject: Re: SSL is broken on FreeBSD Message-ID: <651452BB-74F3-4039-8E77-E332CC35A713@mac.com> In-Reply-To: <4D9BACF6.4060205@obluda.cz> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <BANLkTi=zOG0_tWbkAOex4ojXHdC8f-1v1w@mail.gmail.com> <1302042612.3271.100.camel@linux116.ctc.com> <4D9BACF6.4060205@obluda.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 5, 2011, at 4:59 PM, Dan Lukes wrote: > 2. Such link will affect all users of system. Decision "what CA is trustful" should remain personal decision, not the system administrator decision, by default. Installation of ca-root-nss should not hit all users of system automatically. Well, that depends on who owns and manages the machine in question, and what it is being used for. There are differences between your personal machine, for which you as an individual are welcome to make all of the decisions, and a managed box which is owned by a company which might have a specific PKI infrastructure which is needed for the machine to be usable for it's intended role. Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?651452BB-74F3-4039-8E77-E332CC35A713>