SSL is broken on FreeBSD
Peter Jeremy
peterjeremy at acm.org
Mon Apr 4 20:57:10 UTC 2011
On 2011-Apr-02 08:37:36 +0100, Miguel Lopes Santos Ramos <mbox at miguel.ramos.name> wrote:
>The only root CAs that could be included by default would be those of
>governments (but which governments do you trust?) and things like
>CAcert.org.
Actually, there was a certificate port that included CAcert.org but
the port was dropped for various reasons. And Mozilla doesn't
currently trust CAcert.org so why should FreeBSD? (Note that Mozilla
has defined an audit process to verify CAs and CAcert.org is slowly
working towards compliance).
It has occurred to me that maybe the FreeBSD SO should create a root
cert and distribute that with FreeBSD. That certificate would at
least have the same trust level as FreeBSD.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20110404/dab5bf93/attachment.pgp
More information about the freebsd-security
mailing list