Date: Fri, 1 Apr 2011 17:03:02 -0600 From: Chad Perrin <perrin@apotheon.com> To: freebsd-security <freebsd-security@freebsd.org> Subject: Re: SSL is broken on FreeBSD Message-ID: <20110401230302.GA87063@guilt.hydra> In-Reply-To: <AANLkTikTGGSuqMLB%2BqsGSDUy6M07WFt0jQ7%2Bq=1U95=P@mail.gmail.com> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <20110401153300.GA85392@guilt.hydra> <AANLkTi=fqSAMiGtGQO1%2Bt1QbhNY1m_S%2Bx294WX3zHpOK@mail.gmail.com> <4D9639B0.1070302@FreeBSD.org> <AANLkTi=17e7qE8yAACKiYSvpvsUZhDJu4e=mmM%2BhHwr8@mail.gmail.com> <63CF07FC-BD9A-47C2-9535-09D9ED8E982D@smtps.net> <AANLkTikTGGSuqMLB%2BqsGSDUy6M07WFt0jQ7%2Bq=1U95=P@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Apr 01, 2011 at 10:24:35PM +0100, István wrote: > > You're probably not aware (owing to your arrogance) that at least some of > > the CAs which ship as part of the Mozilla bundle have been known to issue > > fraudulent certificates in the past, even the past few weeks. > > > > once there was a remote root in freebsd kernel, so I have just stopped using > it > > (sometimes I wish I did....) It is worth noting that there is a difference between, on one hand, using software and discovering a bug exists in it that may not even have possibly affected you -- and, on the other, taking some faceless third party's assurances on issues of cryptographic trust and discovering that refusing to take responsibility for your own decisions about trust has placed your security at the mercy of untrustworthy people. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAk2WWaYACgkQ9mn/Pj01uKXk1ACeKTzXSK1iPX+DyYKdfdSK/r/7 N3IAoLUgy8otzdSIN5sDQY2Yp3z5bWs9 =HgSa -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110401230302.GA87063>