Kernel Privilege Separation Policy

2014-07-02 Thread Dautenhahn, Nathan Daniel
Hi All- I am a graduate student at UIUC and am currently working on a system that isolates the MMU from the rest of the FreeBSD kernel. For the purpose of enabling privilege separation within the kernel. - This code is approximately 3k lines. - This base system also provides kernel code

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Dan Lukes
On 07/03/14 01:45, Xin Li: 1. Import a set of trusted root certificates Question is imminent ... Trusted by whom ? Trust is matter of personal decision, local law and law that apply to particular CA. If I consider a CA to be trustworthy, I will insert its certificate to trusted store.

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Eitan Adler
On 2 July 2014 17:26, Dan Lukes d...@obluda.cz wrote: On 07/03/14 01:45, Xin Li: 1. Import a set of trusted root certificates Question is imminent ... Trusted by whom ? IMHO, it is sane to follow the same policy that Mozilla follows and to use their root store by default. If I consider

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Bryan Drewery
+portmgr On 7/2/2014 6:45 PM, Xin Li wrote: Hi, Currently, FreeBSD does not install a default /etc/ssl/cert.pem because we do not maintain one ourselves. We do, however, provide a port, security/ca_root_nss, which has an option to install a symbolic link as /etc/ssl/cert.pem -

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Dan Lukes
On 07/03/14 03:47, Eitan Adler: IMHO, it is sane to follow the same policy that Mozilla follows and to use their root store by default. Its policy defines very generic requirements only. Almost anyone can apply. But I'm not going to discuss Mozilla's policy here beyond my opinion that it's

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Glen Barber
On Wed, Jul 02, 2014 at 04:45:53PM -0700, Xin Li wrote: Hi, Currently, FreeBSD does not install a default /etc/ssl/cert.pem because we do not maintain one ourselves. We do, however, provide a port, security/ca_root_nss, which has an option to install a symbolic link as /etc/ssl/cert.pem -

Re: RFC: Proposal: Install a /etc/ssl/cert.pem by default?

2014-07-02 Thread Dewayne Geraghty
I agree with Dan's comments as I don't really see the value in divesting blanket trust to another party. But I appreciate the heads-up from Xin Li, so I have the opportunity of moving my certs/CA/keys to a different location.