Yep, SSL is broken. This why the top500 companies are using it to secure their business. I hope you have something better what we could implement tomorrow deprecating SSL.
Send the RFC please. :) Thank you in advance. I. On Fri, Apr 1, 2011 at 4:33 PM, Chad Perrin <per...@apotheon.com> wrote: > On Fri, Apr 01, 2011 at 03:33:15PM +0100, István wrote: > > > > FreeBSD ships OpenSSL but it is broken because there is no CA. Right, > > it is like shipping a car without wheels, I suppose. > > Err . . . now. SSL isn't broken, any more than vi is broken just because > it doesn't ship with text files for you to edit. It would be more like > shipping a car without giving you a list of roads on which the > manufacturer suggests you use it. > > > > > > Is there a reason to do this? > > I don't know. Maybe the guys who made that decision thought that users > should be able to make their own decisions about who to trust, rather > than relying on Verisign to make that decision for them. I'm just > speculating wildly -- I actually have no idea. > > -- > Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] > -- the sun shines for all http://wperf.com/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
