Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Jul 2014 18:25:23 -0400
From:      Garrett Wollman <wollman@bimajority.org>
To:        Daniel Roethlisberger <daniel@roe.ch>
Cc:        freebsd-security@freebsd.org
Subject:   Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?
Message-ID:  <21429.55379.293697.133423@hergotha.csail.mit.edu>
In-Reply-To: <20140703221448.GA99094@calvin.ustdmz.roe.ch>
References:  <53B499B1.4090003@delphij.net> <53B4B7FB.6070407@FreeBSD.org> <53B56F49.7030109@FreeBSD.org> <CAF6rxgmsoJCnCpnGKUXe0jnPEgGNm3BB_SF73vLOkK5X9pOoPw@mail.gmail.com> <20140703221448.GA99094@calvin.ustdmz.roe.ch>

next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 4 Jul 2014 00:14:48 +0200, Daniel Roethlisberger <daniel@roe.ch> said:

> [1] There is no such thing as a perfect CA bundle (i.e. both
>     secure *and* usable) given how broken the whole CA system is
>     these days.

So is anyone working on DANE support in libfetch and other base-system
utilities?  Let's lead on this rather than just flaming about how CAs
suck....

-GAWollman




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21429.55379.293697.133423>