閱讀文章 - 看板 FB_security

發信人lists@eitanadler.com (Eitan Adler),

看板FB_security

標題Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

發信站NCTU CS FreeBSD Server (Thu Jul 3 02:47:37 2014)

轉信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow

On 2 July 2014 17:26, Dan Lukes <dan@obluda.cz> wrote: > On 07/03/14 01:45, Xin Li: > >> 1. Import a set of trusted root certificates > > > > Question is imminent ... > > Trusted by whom ? IMHO, it is sane to follow the same policy that Mozilla follows and to use their root store by default. > If I consider a CA to be trustworthy, I will insert it's certificate to > trusted store. No one is welcomed to make such decision in behalf of me. So remove or edit the defaults. As for #4: I'm not sure I like the port touching the base system (even with an option) but I don't see a real alternative. -- Eitan Adler _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"