On 05/04/11 06:57 +1000, Peter Jeremy wrote:
> On 2011-Apr-02 08:37:36 +0100, Miguel Lopes Santos Ramos <m...@miguel.ramos.name> wrote:
>> The only root CAs that could be included by default would be those of
>> governments (but which governments do you trust?) and things like
>> CAcert.org.
>
> Actually, there was a certificate port that included CAcert.org but
> the port was dropped for various reasons.  And Mozilla doesn't
> currently trust CAcert.org so why should FreeBSD?  (Note that Mozilla
> has defined an audit process to verify CAs and CAcert.org is slowly
> working towards compliance).
>
> It has occurred to me that maybe the FreeBSD SO should create a root
> cert and distribute that with FreeBSD.  That certificate would at
> least have the same trust level as FreeBSD.
>
> --
> Peter Jeremy

But what would that CA trust?

You'd then find yourself back in the original debate of what is considered
trustworthy, which I agree is an issue for the user and not for the
distribution.

Out of idle curiosity, what does OpenBSD ship with their SSL implementation?

richo

--
richo || Today's excuse:
We didn't pay the Internet bill and it's been cut off.
