[NOTE: whatever I write below is *my* opinion. Period]

In message <[EMAIL PROTECTED]> on Sun, 18 Aug 2002 21:32:43 -0400, Tom Zerucha <[EMAIL PROTECTED]> said:

tz> I don't know what the historic reasons for doing things a particular
tz> way, but I would suggest the following (in order of importance):
tz>
tz> 1. Install the certs by default,

I'm amazed by this statement. Are you seriously willing to give us that kind of trust, rather than installing whatever root certs you need yourself? I'm personally not at all sure I want to be given that kind of trust; I'm a developer, not a trusted certificate store care-taker (at least in the OpenSSL arena).

Unfortunately, we've all been fooled into thinking that our software distributors should be points of distribution for trusted root certificates (meaning we implicitly trust Netscape Navigator/Communicator, IE and whatnot to be truthful, even though there's no way in the world the distributors can guarantee that), and most of us are too lazy to deal with all of that properly.

Ultimately, it is YOUR responsibility, as a user, to assure the security of your installation, be it by doing it yourself or by hiring someone to do it for us.

tz> or if there are nontechnical reasons not to, add something
tz> prominent to the readmes and make process so that the certs
tz> directory will be populated by the users or the distributor
tz> creators.

I personally have no real problem with writing an extra blurb on this.

--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA   \ T: +46-8-26 52 47
                  \ SWEDEN            \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]