SSL is broken on FreeBSD

Dan Lukes dan at
Wed Apr 6 01:01:33 UTC 2011

On 6.4.2011 2:15, Chuck Swiger:
>> 2. Such a link will affect all users of the system. The decision "what CA is trustful" should remain a personal decision, not the system administrator's decision, by default
> There are differences between your personal machine, for which you as an individual are welcome to make all of the decisions, and a managed box which is owned by a company which might have a specific PKI infrastructure which is needed for the machine to be usable for its intended role.

I have been a network administrator in a bank. Be sure that "installation of a 
data pack" is a very different task than "change security-related behavior 
of a program that may/will affect all users".

In the environment you mentioned, e.g. a company taking security questions 
seriously, the skilled administrator (and/or security officer) will 
evaluate the situation and will create the link that affects all users, 
if appropriate.

It will not be interested in a blind "automagic" change.

As I said before: installation of a CA bundle SHOULD NOT affect all users 
automatically. The "pkg_add" doesn't know who installs such a pack nor why 
such a pack is installed, so it can't decide the answer.

Just my $0.02
