SSL is broken on FreeBSD

Miguel Lopes Santos Ramos mbox at miguel.ramos.name
Sat Apr 2 07:37:48 UTC 2011


Fri, 2011-04-01 at 15:33 +0100, István wrote:
> FreeBSD ships OpenSSL but it is broken because there is no CA. Right, it is
> like shipping a car without wheels, I suppose.
> 
> Is there a reason to do this?
> 
> How much effort would it be to ship a complete SSL stack, including the root
> CAs, just like any other vendor/community does?

Yeah, maybe FreeBSD should ship with the same list of root CAs that
Internet Explorer does, so we can say FreeBSD is a compatible operating
system.

This is business, multi-million dollar business. Microsoft decides who
to trust on behalf of the consumer, and companies and governments all
over the world pay millions of dollars so their sites are "trusted".

The price of certificates from VeriSign is justified because everybody
trusts them, even though nobody ever thought about it.

That's dirty business.
And you think FreeBSD should "suggest" trust in these companies and get
nothing in return?
Or would they contribute a couple of millions to the FreeBSD Foundation?

The only root CAs that could be included by default would be those of
governments (but which governments do you trust?) and things like
CAcert.org.

-- 
Miguel Ramos <mbox at miguel.ramos.name>
PGP A006A14C

