RFC: Proposal: Install a /etc/ssl/cert.pem by default?
Eitan Adler
lists at eitanadler.com
Thu Jul 3 01:48:09 UTC 2014
On 2 July 2014 17:26, Dan Lukes <dan at obluda.cz> wrote:
> On 07/03/14 01:45, Xin Li:
>
>> 1. Import a set of trusted root certificates
>
>
>
> Question is imminent ...
>
> Trusted by whom ?
IMHO, it is sane to follow the same policy that Mozilla follows and to
use their root store by default.
> If I consider a CA to be trustworthy, I will insert it's certificate to
> trusted store. No one is welcomed to make such decision in behalf of me.
So remove or edit the defaults.
As for #4: I'm not sure I like the port touching the base system (even
with an option) but I don't see a real alternative.
--
Eitan Adler
More information about the freebsd-security
mailing list