Date: Thu, 3 Jul 2014 18:25:23 -0400 From: Garrett Wollman <wollman@bimajority.org> To: Daniel Roethlisberger <daniel@roe.ch> Cc: freebsd-security@freebsd.org Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default? Message-ID: <21429.55379.293697.133423@hergotha.csail.mit.edu> In-Reply-To: <20140703221448.GA99094@calvin.ustdmz.roe.ch> References: <53B499B1.4090003@delphij.net> <53B4B7FB.6070407@FreeBSD.org> <53B56F49.7030109@FreeBSD.org> <CAF6rxgmsoJCnCpnGKUXe0jnPEgGNm3BB_SF73vLOkK5X9pOoPw@mail.gmail.com> <20140703221448.GA99094@calvin.ustdmz.roe.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 4 Jul 2014 00:14:48 +0200, Daniel Roethlisberger <daniel@roe.ch> said: > [1] There is no such thing as a perfect CA bundle (i.e. both > secure *and* usable) given how broken the whole CA system is > these days. So is anyone working on DANE support in libfetch and other base-system utilities? Let's lead on this rather than just flaming about how CAs suck.... -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21429.55379.293697.133423>