Date: Wed, 2 Jul 2014 18:47:37 -0700 From: Eitan Adler <lists@eitanadler.com> To: Dan Lukes <dan@obluda.cz> Cc: freebsd-security@freebsd.org, d@delphij.net, gecko@freebsd.org Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default? Message-ID: <CAF6rxgkhXtXCjWGpbcm0UU3Rr57dXJojQJ05Rqe-sQ_Nmyp8KQ@mail.gmail.com> In-Reply-To: <53B4A337.3010907@obluda.cz> References: <53B499B1.4090003@delphij.net> <53B4A337.3010907@obluda.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 July 2014 17:26, Dan Lukes <dan@obluda.cz> wrote: > On 07/03/14 01:45, Xin Li: > >> 1. Import a set of trusted root certificates > > > > Question is imminent ... > > Trusted by whom ? IMHO, it is sane to follow the same policy that Mozilla follows and to use their root store by default. > If I consider a CA to be trustworthy, I will insert it's certificate to > trusted store. No one is welcomed to make such decision in behalf of me. So remove or edit the defaults. As for #4: I'm not sure I like the port touching the base system (even with an option) but I don't see a real alternative. -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgkhXtXCjWGpbcm0UU3Rr57dXJojQJ05Rqe-sQ_Nmyp8KQ>