On Sat, Jan 07, 2017 at 05:42:24PM -0500, Jacob L. Leifman wrote:

> Most of the time I agree with this particular attitude and it is indeed 
> appropriate for the OP case. However, there some major networks such as 
> various governments (or for example .mil) that do not participate in 
> the public PKI but run their own PKI infrastructure. What effect will 
> the installer's checks have in that environment? What workarounds would 
> be reasonable and approriate? and does it make sense for OpenBSD to 
> support such scenarios out-of-the-box to promote wider adoption of 
> better software?

That's not a good reason, since in the case of what I am describing they
would *still be depending on the public PKI infrastrucure* to publish
their own list of signers..  No.. they aren't going to do that.. Sorry, 
Unless you're mailing me from a .mil address I think you might
be imagining this usage case. 

they're probably building from source, or have the wherewithall to roll
their own bsd.rd if they care about doing this. 



Reply via email to