From owner-freebsd-gecko@FreeBSD.ORG Fri Jul 4 02:44:56 2014
Date: Thu, 3 Jul 2014 19:44:51 -0700
From: John-Mark Gurney
To: Dan Lukes
Cc: freebsd-security@freebsd.org, d@delphij.net, gecko@freebsd.org
Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?
Message-ID: <20140704024451.GU45513@funkthat.com>
In-Reply-To: <53B4BFD2.2060903@obluda.cz> <53B4A337.3010907@obluda.cz>
References: <53B499B1.4090003@delphij.net> <53B4A337.3010907@obluda.cz> <53B4BFD2.2060903@obluda.cz>
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 7.2-RELEASE i386
X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396
List-Id: Gecko Rendering Engine issues

Dan Lukes wrote this message on Thu, Jul 03, 2014 at 02:26 +0200:
> On 07/03/14 01:45, Xin Li:
> > 1. Import a set of trusted root certificates
>
> The question is imminent ...
>
> Trusted by whom?
>
> Trust is a matter of personal decision, local law and the law that applies to
> the particular CA.
>
> If I consider a CA to be trustworthy, I will insert its certificate into the
> trusted store. No one is welcome to make such a decision on my behalf.

As others have said, you can customize FreeBSD how you want.. There is no "we will uninstall FreeBSD if you uninstall (or set WITHOUT_xxx) on your FreeBSD system"...
Dan Lukes wrote this message on Thu, Jul 03, 2014 at 04:28 +0200:
> On 07/03/14 03:47, Eitan Adler:
> > IMHO, it is sane to follow the same policy that Mozilla follows and to
> > use their root store by default.
>
> Its policy defines very generic requirements only. Almost anyone can apply.

I agree that the FreeBSD project needs a policy on how CAs are selected. Just as other countries may not trust the USA's CAs, people should always be more aware of this, but sadly, many are not... This is partly why things like TACK and other cert mechanisms are being investigated... When I first heard of how certs were issued almost 20 years ago, I was like, are they stupid? Sadly, we realized too late how stupid it was...

> But I'm not going to discuss Mozilla's policy here beyond my opinion that
> its definition of "trusted" is near to meaningless.
>
> > > If I consider a CA to be trustworthy, I will insert its certificate into the
> > > trusted store. No one is welcome to make such a decision on my behalf.
> >
> > So remove or edit the defaults.
>
> Be sure I'm doing it already with browser stores. But I wish the
> system/program would be safe by default, because not all users are
> experts who can recognize dangerous defaults.

Per my email to phk, certs can/should have different trust metrics associated with them... I always laugh when I see people post md5/sha1 sums on their http website but don't sign them... What's the point? If someone can MITM or hack the server, they can replace the md5/sha1 sum too... There needs to be a proper chain of trust if you go that far, and I doubt most people are willing to do that...

> Are you ready to recommend a CA as trustworthy and take responsibility
> for such advice?
>
> OK, I expressed my personal opinion in full and I'm not wishing to start
> a flame war here ;-)

It's good to know the concerns of our users.. :) Even if we may think some of them are crazy, though I've been happy to find out that I wasn't paranoid over the last few years, they really were listening.. :)

-- 
John-Mark Gurney				Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
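The point John-Mark makes about posting md5/sha1 sums without signing them, worked through as an added example (this is not code from the thread, from FreeBSD or from any project named in it). It uses Go's standard-library Ed25519 as the signing scheme, a constructed stand-in for a cert bundle as the artifact, and hypothetical publish/tamper/verify functions. An attacker who controls the web server (or sits in the path as a MITM) replaces the file and simply recomputes the checksum file next to it, so checksum-only verification passes; a detached signature checked against a publisher key obtained out of band is the step that actually binds the bytes to the publisher, and the attacker cannot forge it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a download server hands out: the artifact, the checksum
// file published next to it, and a detached signature over the artifact.
type Release struct {
	Artifact  []byte
	SHA256Hex string
	Signature []byte
}

// publish builds a release the way a careful publisher would: hash the
// artifact and sign it with a key that never lives on the web server.
func publish(priv ed25519.PrivateKey, artifact []byte) Release {
	sum := sha256.Sum256(artifact)
	return Release{
		Artifact:  artifact,
		SHA256Hex: hex.EncodeToString(sum[:]),
		Signature: ed25519.Sign(priv, artifact),
	}
}

// tamper models an attacker who controls the HTTP server or MITMs the
// download: they swap the artifact AND recompute the published checksum.
// Lacking the private key, they can only leave the old signature in place
// (dropping it fails verification just the same).
func tamper(r Release, evil []byte) Release {
	sum := sha256.Sum256(evil)
	return Release{
		Artifact:  evil,
		SHA256Hex: hex.EncodeToString(sum[:]),
		Signature: r.Signature,
	}
}

// verifyChecksumOnly is what "download the file and its .sha256 from the
// same site, then compare" amounts to.
func verifyChecksumOnly(r Release) bool {
	sum := sha256.Sum256(r.Artifact)
	return hex.EncodeToString(sum[:]) == r.SHA256Hex
}

// verifySigned checks the detached signature against a public key the
// downloader got out of band (shipped in the OS image, fetched over a
// separate channel, fingerprint checked in person). The checksum still
// catches corruption; only the signature ties the bytes to the publisher.
func verifySigned(pub ed25519.PublicKey, r Release) bool {
	return verifyChecksumOnly(r) && ed25519.Verify(pub, r.Artifact, r.Signature)
}

// demo runs the scenario end to end and reports the three outcomes.
func demo() (checksumAcceptsTampered, signatureAcceptsTampered, signatureAcceptsGenuine bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample bytes standing in for a cert bundle; not a real PEM.
	genuine := []byte("cert.pem: sample root CA bundle (constructed)")
	evil := []byte("cert.pem: attacker-chosen root CA bundle (constructed)")

	r := publish(priv, genuine)
	t := tamper(r, evil)

	return verifyChecksumOnly(t), verifySigned(pub, t), verifySigned(pub, r)
}

func main() {
	a, b, c := demo()
	fmt.Printf("checksum-only check accepts tampered bundle: %v\n", a)
	fmt.Printf("signature check accepts tampered bundle:     %v\n", b)
	fmt.Printf("signature check accepts genuine bundle:      %v\n", c)
}
```

The checksum and the signature differ in where the trust anchor sits: the checksum's anchor is the same server that serves the file, so it is only as trustworthy as that server and the path to it, while the signature's anchor is a key the user already holds. That is also why the thread's question of which CA roots ship in cert.pem matters: whatever is pre-installed becomes the anchor for every check that relies on it.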