[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Shipping SSL certificates in the base system
> There are other stories as well, but that's a good illustration of
> why it's a bad idea to just hand over a bunch of CA's to users without
> any mechanism for keeping the CA database, and CRL's, up to date.
I expected this argument, but it is finally irrelevant. This is because most users do one of two things:
(a) do nothing and effectively trust all certificates, because none are installed;
(b) install the mozilla-rootcerts package and trust the mozilla set.
(c) users who consciously select a subset of those certificates — probably a tiny minority.
Compare with root certificates in the base system:
Users in (a) gain cert verification. Users in group (b) do not have to do a manual step. Users in group (c) lose nothing, because they still can futz with root certificates manually.
I assert that having a somewhat outdated set of Mozilla’s root certificates is better than having none at all and implicitly trusting everyone — or worse, trusting no one and having, say, Mercurial refuse to clone repos over https by default.
Main Index |
Thread Index |