From owner-freebsd-gecko@FreeBSD.ORG  Thu Jul  3 00:26:57 2014
Return-Path: <owner-freebsd-gecko@FreeBSD.ORG>
Delivered-To: gecko@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1C255DD7;
 Thu,  3 Jul 2014 00:26:57 +0000 (UTC)
Received: from smtp1.ms.mff.cuni.cz (smtp1.ms.mff.cuni.cz
 [IPv6:2001:718:1e03:801::4])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8D3932488;
 Thu,  3 Jul 2014 00:26:56 +0000 (UTC)
Received: from kgw.obluda.cz ([194.108.204.138])
 by smtp1.ms.mff.cuni.cz (8.14.5/8.14.5) with ESMTP id s630QV4F007165
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=OK);
 Thu, 3 Jul 2014 02:26:37 +0200 (CEST) (envelope-from dan@obluda.cz)
Message-ID: <53B4A337.3010907@obluda.cz>
Date: Thu, 03 Jul 2014 02:26:31 +0200
From: Dan Lukes <dan@obluda.cz>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26
MIME-Version: 1.0
To: d@delphij.net, freebsd-security@FreeBSD.ORG
Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?
References: <53B499B1.4090003@delphij.net>
In-Reply-To: <53B499B1.4090003@delphij.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: gecko@FreeBSD.org
X-BeenThere: freebsd-gecko@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Gecko Rendering Engine issues <freebsd-gecko.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-gecko>,
 <mailto:freebsd-gecko-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gecko/>
List-Post: <mailto:freebsd-gecko@freebsd.org>
List-Help: <mailto:freebsd-gecko-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gecko>,
 <mailto:freebsd-gecko-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jul 2014 00:26:57 -0000

On 07/03/14 01:45, Xin Li:
> 1. Import a set of trusted root certificates


Question is imminent ...

Trusted by whom ?

Trust is matter of personal decision, local law and law that apply to 
particular CA.

If I consider a CA to be trustworthy, I will insert it's certificate to 
trusted store. No one is welcomed to make such decision in behalf of me.

Just my $0.02

Dan