Date: Tue, 5 Apr 2011 09:05:47 +1000
From: richo <richo@psych0tik.net>
To: freebsd-security@freebsd.org
Subject: Re: SSL is broken on FreeBSD
Message-ID: <20110404230546.GA25778@richh-desktop.boxdice.com.au>
In-Reply-To: <20110404205705.GA52172@server.vk2pj.dyndns.org>
References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com>
 <1301729856.5812.12.camel@w500.local>
 <20110404205705.GA52172@server.vk2pj.dyndns.org>

On 05/04/11 06:57 +1000, Peter Jeremy wrote:
>On 2011-Apr-02 08:37:36 +0100, Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> wrote:
>>The only root CAs that could be included by default would be those of
>>governments (but which governments do you trust?) and things like
>>CAcert.org.
>
>Actually, there was a certificate port that included CAcert.org but
>the port was dropped for various reasons. And Mozilla doesn't
>currently trust CAcert.org so why should FreeBSD? (Note that Mozilla
>has defined an audit process to verify CAs and CAcert.org is slowly
>working towards compliance).
>
>It has occurred to me that maybe the FreeBSD SO should create a root
>cert and distribute that with FreeBSD. That certificate would at
>least have the same trust level as FreeBSD.
>
>--
>Peter Jeremy

But what would that CA trust?

You'd then find yourself back in the original debate of what is
considered trustworthy, which I agree is an issue for the user and not
for the distribution.

Out of idle curiosity, what does OpenBSD ship with their SSL
implementation?

richo

--
richo || Today's excuse:

We didn't pay the Internet bill and it's been cut off.
