From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f47.google.com ([209.85.128.47]) by ewsd; Mon Jul 20 11:32:23 EDT 2020
Received: by mail-wm1-f47.google.com with SMTP id 17so25589753wmo.1
        for <9front@9front.org>; Mon, 20 Jul 2020 08:32:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=Msd5RYJx2JqHLBPEF+Tt3GTt3uB+Nkzrrd6a/HFVBLA=;
        b=CCxFYhigCFGMgU+pMMfGjVCx3Tnc6/ZtrqPP2uL7HKawI5DBPrnIcreuMpvYIFAbK/
         zvTNio23eLQrwKPhbIewpjrmBY5dua+IQEsFdQHLgbioMUnEhMu1gGBDaj7dlAJaSJ83
         asTIt/2/9bO1XvbodOk6yHI+pI4DcWvd95jeo4n7oLBBeaEignPhH8oMYVHJ5f4exHH/
         Bg6ZREDW0VYbv1y/DcH65WNU8YUEzDYKMw+Iqc0AnO259HfZ2nOVm7zw3l30glaxkhy8
         kOlIOLFF7TYo6U1/kEPPWty7zVZvKeXGBaTHYKSGWqPdpm6OdUMtQGPBko1uKJRNGALC
         FP+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=Msd5RYJx2JqHLBPEF+Tt3GTt3uB+Nkzrrd6a/HFVBLA=;
        b=bbNihrMAQungfVacGX3liqmEjZTO49Py8+aHl9WcDWAcnGamUsslJnseUdzhQ9dALT
         UBY6RiENhdb2p1dtMdXvkdSm28j9QB35kcXRDCqUjj2GsN43UaWuptu4xZzNlyeDmAzO
         4Op0FTZj3mhxhZ23duS2frRKl6cSS/jUNMGpE3xJuLm2VsUiAKBTv8YDch38/nUX8HZ0
         8I/zPUw/IfXUW5ahEWF5WLPXoWHFn1t+HOg+eulgMJ26PL40GA4WOnuI8l2QvrfkvBIE
         /0ZcQtHv2Pju1/HfKxcDJZ/8MV5JRTIHTSubm6q+x1dB19c2ZwK3H+S3MqIY0T528i9t
         D/Eg==
X-Gm-Message-State: AOAM532vioky0wDRHgrg0nssBb/qS9JQfXlbHE7SfpbLPrYCzN1pvXCm
	UnkUslxGXnWYm+o3yJoOIFma5rKuNU9oKtB5g73pfQOW
X-Google-Smtp-Source: ABdhPJwErrWhqAuh/6QtTllrs++z9cDdT0pc5N00e8w0S4NaHM8yob6Ew+h8kiIRBJDRW3k293GYIPPdeow3o90CtS8=
X-Received: by 2002:a1c:303:: with SMTP id 3mr22758232wmd.180.1595259138371;
 Mon, 20 Jul 2020 08:32:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:adf:fd51:0:0:0:0:0 with HTTP; Mon, 20 Jul 2020 08:32:17
 -0700 (PDT)
In-Reply-To: <B85B65A6162E76DCA6BD621B5104C1B3@eigenstate.org>
References: <20200720150501.GA1831@polynum.com> <B85B65A6162E76DCA6BD621B5104C1B3@eigenstate.org>
From: hiro <23hiro@gmail.com>
Date: Mon, 20 Jul 2020 17:32:17 +0200
Message-ID: <CAFSF3XNzBudBF1=kVx89Pw7e6_uWqzQq6rBKgbk0bX2HbPkOVw@mail.gmail.com>
Subject: Re: [9front] patch smtp: ignore unrecognized certificates
To: 9front@9front.org
Content-Type: text/plain; charset="UTF-8"
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: AJAX dependency general-purpose locator 

> a problem everyone else seems to have solved.
you call that solved?!

i think it's the opposite, as it makes it worse giving people false
sense of security.

On 7/20/20, ori@eigenstate.org <ori@eigenstate.org> wrote:
>> The problem is that if there is a chain, you need to trust the root you
>> finally end with. So whether this is a volunteers based C.A. or a
>> professional paying one.
>
> Yes -- it'd mean distributing the usual set of trusted root certs
> with the OS. Probably lifting /etc/ssl/cert.pem from a Unix box.
>
> It also sucks, but it's a problem everyone else seems to have solved.
>
>