Date: Sat, 10 Feb 2018 19:06:46 +0000
From: Kevin Chadwick
To: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation

On Sat, 10 Feb 2018 12:16:18 -0600

> I like how it was already pointed out, by you and possibly others, on
> openbsd-misc *and* this list, that most people do not use the CA / SAN
> verification routines correctly.
>

Wasn't me!

> Then you mention that "well, invalid certs like that shouldn't be
> trusted".

You missed the point entirely, he didn't ask the question.

From the commit message I'm inclined to think it clamps the year for good or bad but I was just pointing out his argument was potentially obviously flawed. OpenSSL only started in 1998! and any trusted CA that issues a pre-1970 cert is broken anyway. That was his assertion of it working that way and being insecure. The point wasn't that I knew but that he hadn't given LibreSSL the chance despite its merits over OpenSSL. I assure you that LibreSSL devs know a lot more than us about LibreSSL. Not raising issue with them is arrogance.

But yes, I use public key crypto not CA certificates for anything I implement, except a website where I hope letsencrypt start doing things properly and less traditionally. I actually don't care one bit aside from dev time wasted for a worse outcome. I simply saw a wrong

> The problem with the OpenBSD community is not bluntness. Arrogance
> and trolling are problems for me. And you know what? Honestly, I
> don't find too many OpenBSD devs have that problem. Their users,
> however...their users....

At least you did enter some discussion and William might have learnt that passing imsgs can be more secure and protect the keys!