Re: Shipping SSL certificates in the base system

2017-07-05 Thread Alistair Crooks
Thanks to Bennie for starting off this discussion. My apologies for derailing things with the tzdata allusion. I think we're all aware of the nature of trust wrt these certs. So quite why everyone is shouting "THESE CERTS MIGHT BECOME STALE OR UNTRUSTED, SO IT IS FAR BETTER TO CONTINUE TO TRUST EV

Re: Shipping SSL certificates in the base system

2017-07-05 Thread Jan Danielsson
On 07/06/17 02:04, Alistair Crooks wrote:
> Distributing mozilla root certs is hardly "TNF takes on the role of a
> trusted CA source".

Granted, I'm biased because of $dayjob, but in my view someone handing me a bunch of CA certificates as part of an installation is by definition taking on th

Re: Shipping SSL certificates in the base system

2017-07-05 Thread Alistair Crooks
Distributing mozilla root certs is hardly "TNF takes on the role of a trusted CA source". And we need to start thinking laterally here. Certs are necessarily transitory, and we wish any form of added trust to be enduring over a period of time. + Can we use ssh fingerprints of project machines as

Re: Shipping SSL certificates in the base system

2017-07-05 Thread Hisashi T Fujinaka
On Wed, 5 Jul 2017, Pierre Pronchery wrote: Here's a thing: most users do not have the tiniest clue that there is such a thing as SSL, even less X.509, certificates or authorities for that matter. Maybe on Ubuntu, but I kind of think the bar for entry is a little higher for BSD. -- Hisashi T

Re: Shipping SSL certificates in the base system

2017-07-05 Thread Pierre Pronchery
Hi everyone, On 04/07/2017 23:02, Jan Danielsson wrote: On 07/04/17 21:15, Benny Siegert wrote: There are other stories as well, but that's a good illustration of why it's a bad idea to just hand over a bunch of CA's to users without any mechanism for keeping the CA da

Re: Shipping SSL certificates in the base system

2017-07-05 Thread Jan Danielsson
On 07/04/17 21:15, Benny Siegert wrote:
>> There are other stories as well, but that's a good illustration of
>> why it's a bad idea to just hand over a bunch of CA's to users without
>> any mechanism for keeping the CA database, and CRL's, up to date.
>
> I expected this argument, but it is fin