cURL / Mailing Lists / curl-library / Single Mail



From: Ralph Mitchell <>
Date: Fri, 13 May 2011 18:46:13 -0400

On Fri, May 13, 2011 at 6:07 PM, <> wrote:

> The whole point is to allow the user to decide which CA to trust and which
>> to not trust. Trust is a funny thing but you can't shove trust onto somebody
>> and force them to trust someone. That's not trust, that's something else.
> This is ok when the user is just a single person, we should of course
> trust him to do the right thing. But when the user is a large organization
> it is the authorities in that organization who determines who everyone
> in the organization should trust. Under that scenario, the individual
> user should not be allowed to tamper with the list of root CAs. This
> is the situation we are facing.

OK, I have to ask this - could you build your specific list of allowed CA
certs into the app and simply not go get the list from a
possibly-tampered-with external file??

Ralph Mitchell

List admin:
Received on 2011-05-14