Date: Fri, 1 Apr 2011 17:03:02 -0600 From: Chad Perrin <perrin@apotheon.com> To: freebsd-security <freebsd-security@freebsd.org> Subject: Re: SSL is broken on FreeBSD Message-ID: <20110401230302.GA87063@guilt.hydra> In-Reply-To: <AANLkTikTGGSuqMLB%2BqsGSDUy6M07WFt0jQ7%2Bq=1U95=P@mail.gmail.com> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <20110401153300.GA85392@guilt.hydra> <AANLkTi=fqSAMiGtGQO1%2Bt1QbhNY1m_S%2Bx294WX3zHpOK@mail.gmail.com> <4D9639B0.1070302@FreeBSD.org> <AANLkTi=17e7qE8yAACKiYSvpvsUZhDJu4e=mmM%2BhHwr8@mail.gmail.com> <63CF07FC-BD9A-47C2-9535-09D9ED8E982D@smtps.net> <AANLkTikTGGSuqMLB%2BqsGSDUy6M07WFt0jQ7%2Bq=1U95=P@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--NzB8fVQJ5HfG6fxh Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 01, 2011 at 10:24:35PM +0100, Istv=E1n wrote: > > You're probably not aware (owing to your arrogance) that at least some = of > > the CAs which ship as part of the Mozilla bundle have been known to iss= ue > > fraudulent certificates in the past, even the past few weeks. > > >=20 > once there was a remote root in freebsd kernel, so I have just stopped us= ing > it >=20 > (sometimes I wish I did....) It is worth noting that there is a difference between, on one hand, using software and discovering a bug exists in it that may not even have possibly affected you -- and, on the other, taking some faceless third party's assurances on issues of cryptographic trust and discovering that refusing to take responsibility for your own decisions about trust has placed your security at the mercy of untrustworthy people. --=20 Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] --NzB8fVQJ5HfG6fxh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAk2WWaYACgkQ9mn/Pj01uKXk1ACeKTzXSK1iPX+DyYKdfdSK/r/7 N3IAoLUgy8otzdSIN5sDQY2Yp3z5bWs9 =HgSa -----END PGP SIGNATURE----- --NzB8fVQJ5HfG6fxh--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110401230302.GA87063>