RFC: Proposal: Install a /etc/ssl/cert.pem by default?

Alastair Hogge agh at fastmail.fm
Sat Jul 5 09:22:59 UTC 2014


On 2014-07-05 Sat 10:43:16 +0200, Axel Rau wrote:
>
> On 04.07.2014 at 00:25, Garrett Wollman <wollman at bimajority.org> wrote:
>
> > <<On Fri, 4 Jul 2014 00:14:48 +0200, Daniel Roethlisberger <daniel at roe.ch> said:
> >
> >> [1] There is no such thing as a perfect CA bundle (i.e. both
> >>    secure *and* usable) given how broken the whole CA system is
> >>    these days.
> >
> > So is anyone working on DANE support in libfetch and other base-system
> > utilities?  Let's lead on this rather than just flaming about how CAs
> > suck….
> +1 DANE is the route to go in the future.
> It perfectly matches the use case discussed here.

+1

