[Info-vax] Some of what I'm reading...
Arne Vajhøj
arne at vajhoej.dk
Mon May 21 14:42:52 EDT 2018
On 5/21/2018 11:53 AM, Stephen Hoffman wrote:
> On 2018-05-21 12:45:29 +0000, John E. Malmberg said:
>
>> On 5/21/2018 5:58 AM, Arne Vajhøj wrote:
>>> On 5/20/2018 11:57 PM, John E. Malmberg wrote:
>>>> On 5/20/2018 7:36 PM, Arne Vajhøj wrote:
>>> I think vendor supplied CA certificates is mostly a browser thing.
>> Not just browsers. It is used for Java, curl, wget, and any
>> application that uses OpenSSL directly or indirectly through libcurl,
>> like git, pypi, etc.
>
> Correct. It's anything that needs a secure connection, and servers need
> more than a few secure connections.
> There's also that servers increasingly use HTTPS for server-to-server
> communications. Those "browser things" are increasingly also "server
> things".
Yes.
But it is really that common for trusted server applications to
use the traditional browser logic "I accept all certificates from
all CA's in my OS vendors list"?
I would have expected them to do a more custom check for a specific
certificate.
Arne
More information about the Info-vax
mailing list