SSL is broken on FreeBSD
Garrett Wollman
wollman at bimajority.org
Tue Apr 5 01:58:55 UTC 2011
<<On Tue, 5 Apr 2011 09:05:47 +1000, richo <richo at psych0tik.net> said:
> On 05/04/11 06:57 +1000, Peter Jeremy wrote:
>> It has occurred to me that maybe the FreeBSD SO should create a root
>> cert and distribute that with FreeBSD. That certificate would at
>> least have the same trust level as FreeBSD.
>>
>> --
>> Peter Jeremy
> But what would that CA trust?
The certificates he also generates for services like freebsd-update
and portsnap. And probably also a certificate for use in email to the
security-officer role, so that those benighted people who only have
access to S/MIME email can still send him private messages. Ideally
it would also be used to sign the CHECKSUMS files on the FTP site, so
that the installer could check whether it was talking to an authentic
mirror site and ask the user what to do.
-GAWollman
More information about the freebsd-security
mailing list