SSL is broken on FreeBSD
Dan Lukes
dan at obluda.cz
Wed Apr 6 01:01:33 UTC 2011
On 6.4.2011 2:15, Chuck Swiger:
>> 2. Such a link will affect all users of the system. The decision "what CA is trustful" should remain a personal decision, not the system administrator's decision, by default
> There are differences between your personal machine, for which you as an individual are welcome to make all of the decisions, and a managed box which is owned by a company which might have a specific PKI infrastructure which is needed for the machine to be usable for its intended role.
I have been a network administrator in a bank. Be sure that "installation of a
data pack" is a very different task than "change security related behavior
of a program that may/will affect all users".
In the environment you mentioned, e.g. a company taking security questions
seriously, the skilled administrator (and/or security officer) will
evaluate the situation and will create the link that affects all users,
if appropriate.
It will not be interested in a blind "automagic" change.
As I said before, installation of a CA bundle SHOULD NOT affect all users
automatically. The "pkg_add" doesn't know who installs such a pack nor why
such a pack is installed, so it can't decide the answer.
Just my $0.02
Dan