Date: Fri, 1 Apr 2011 19:47:23 +0100 From: =?UTF-8?Q?Istv=C3=A1n?= <leccine@gmail.com> To: freebsd-security <freebsd-security@freebsd.org> Cc: Chad Perrin <perrin@apotheon.com> Subject: Re: SSL is broken on FreeBSD Message-ID: <AANLkTi=fqSAMiGtGQO1%2Bt1QbhNY1m_S%2Bx294WX3zHpOK@mail.gmail.com> In-Reply-To: <20110401153300.GA85392@guilt.hydra> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <20110401153300.GA85392@guilt.hydra>
next in thread | previous in thread | raw e-mail | index | archive | help
Yep, SSL is broken. This why the top500 companies are using it to secure their business. I hope you have something better what we could implement tomorrow deprecating SSL. Send the RFC please. :) Thank you in advance. I. On Fri, Apr 1, 2011 at 4:33 PM, Chad Perrin <perrin@apotheon.com> wrote: > On Fri, Apr 01, 2011 at 03:33:15PM +0100, Istv=C3=A1n wrote: > > > > FreeBSD ships OpenSSL but it is broken because there is no CA. Right, > > it is like shipping a car without wheels, I suppose. > > Err . . . now. SSL isn't broken, any more than vi is broken just because > it doesn't ship with text files for you to edit. It would be more like > shipping a car without giving you a list of roads on which the > manufacturer suggests you use it. > > > > > > Is there a reason to do this? > > I don't know. Maybe the guys who made that decision thought that users > should be able to make their own decisions about who to trust, rather > than relying on Verisign to make that decision for them. I'm just > speculating wildly -- I actually have no idea. > > -- > Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] > --=20 the sun shines for all http://wperf.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=fqSAMiGtGQO1%2Bt1QbhNY1m_S%2Bx294WX3zHpOK>