tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Shipping SSL certificates in the base system

>   There are other stories as well, but that's a good illustration of
> why it's a bad idea to just hand over a bunch of CA's to users without
> any mechanism for keeping the CA database, and CRL's, up to date.

I expected this argument, but it is finally irrelevant. This is because most users do one of two things:

(a) do nothing and effectively trust all certificates, because none are installed;
(b) install the mozilla-rootcerts package and trust the mozilla set.
Maybe add
(c) users who consciously select a subset of those certificates — probably a tiny minority.

Compare with root certificates in the base system: 
Users in (a) gain cert verification. Users in group (b) do not have to do a manual step. Users in group (c) lose nothing, because they still can futz with root certificates manually.

I assert that having a somewhat outdated set of Mozilla’s root certificates is better than having none at all and implicitly trusting everyone — or worse, trusting no one and having, say, Mercurial refuse to clone repos over https by default.


Home | Main Index | Thread Index | Old Index