RFC: Proposal: Install a /etc/ssl/cert.pem by default?
Garrett Wollman
wollman at bimajority.org
Thu Jul 3 22:25:26 UTC 2014
<<On Fri, 4 Jul 2014 00:14:48 +0200, Daniel Roethlisberger <daniel at roe.ch> said:
> [1] There is no such thing as a perfect CA bundle (i.e. both
> secure *and* usable) given how broken the whole CA system is
> these days.
So is anyone working on DANE support in libfetch and other base-system
utilities? Let's lead on this rather than just flaming about how CAs
suck....
-GAWollman
More information about the freebsd-security
mailing list