Re: Shipping SSL certificates in the base system

To: tech-userlevel%NetBSD.org@localhost
Subject: Re: Shipping SSL certificates in the base system
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Mon, 3 Jul 2017 01:01:16 +0000

On Mon, Jul 03, 2017 at 12:56:38AM +0000, Emmanuel Dreyfus wrote:
 > On Mon, Jul 03, 2017 at 12:45:17AM +0200, Joerg Sonnenberger wrote:
 > > The only problem I see is that outdated timezone data doesn't
 > > necessarily have a real world impact. Outdated root CAs can.
 > 
 > Most of the time, outdated things in a system is dangerous. Known 
 > security vulnearbilities accumulate over the time, and outdated
 > CA are just a bit of that problem. 
 > 
 > Oudated stuff that is not a security hazard, like timezone data,
 > is rather scarce.

Most outdated stuff is also not as serious a hazard as bad CA keys.

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: Shipping SSL certificates in the base system
  - From: Jan Danielsson

References:
- Shipping SSL certificates in the base system
  - From: Benny Siegert
- Re: Shipping SSL certificates in the base system
  - From: Joerg Sonnenberger
- Re: Shipping SSL certificates in the base system
  - From: Emmanuel Dreyfus

Prev by Date: Re: Shipping SSL certificates in the base system
Next by Date: Re: randomness (crypto?) code example wanted please?
Previous by Thread: Re: Shipping SSL certificates in the base system
Next by Thread: Re: Shipping SSL certificates in the base system
Indexes:

Home | Main Index | Thread Index | Old Index