Date: Sat, 5 Jul 2014 10:43:16 +0200 From: Axel Rau <Axel.Rau@Chaos1.DE> To: FreeBSD-security@FreeBSD.org Subject: Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default? Message-ID: <A640A06B-4A40-4086-A5C0-3F32FF62BFD0@Chaos1.DE> In-Reply-To: <21429.55379.293697.133423@hergotha.csail.mit.edu> References: <53B499B1.4090003@delphij.net> <53B4B7FB.6070407@FreeBSD.org> <53B56F49.7030109@FreeBSD.org> <CAF6rxgmsoJCnCpnGKUXe0jnPEgGNm3BB_SF73vLOkK5X9pOoPw@mail.gmail.com> <20140703221448.GA99094@calvin.ustdmz.roe.ch> <21429.55379.293697.133423@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 04.07.2014 um 00:25 schrieb Garrett Wollman <wollman@bimajority.org>: > <<On Fri, 4 Jul 2014 00:14:48 +0200, Daniel Roethlisberger <daniel@roe.= ch> said: >=20 >> [1] There is no such thing as a perfect CA bundle (i.e. both >> secure *and* usable) given how broken the whole CA system is >> these days. >=20 > So is anyone working on DANE support in libfetch and other base-system > utilities? Let's lead on this rather than just flaming about how CAs > suck=E2=80=A6. +1 DANE is the route to go in the future. It perfectly matches the use case discussed here. Axel =2D-- PGP-Key:29E99DD6 =E2=98=80 +49 151 2300 9283 =E2=98=80 computing @ = chaos claudius
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A640A06B-4A40-4086-A5C0-3F32FF62BFD0>