Newsgroups: php.internals
Date: Tue, 17 Dec 2013 22:14:59 -0500
To: internals@lists.php.net
Subject: [UPDATE] [VOTE] TLS Peer Verification
From: rdlowrey@gmail.com (Daniel Lowrey)

After some discussion in #php.pecl, the efforts of php.net's crack research team (a.k.a. Joe Watkins) and a suggestion by Rasmus, it was determined that the original peer verification vote should be discarded in favor of clarification.

The patch has been improved to obviate any need for manual CA management by PHP itself. The new implementation takes advantage of OS and distro-managed CA stores. As a result, users with a distro-packaged PHP version will see most existing code work without any modifications while retaining control of the implementation on a case-by-case basis. This is an ideal solution as it preserves BC for many (likely most) scenarios while simultaneously improving security.

The changes are clearly marked and summarized in the updated RFC. The original vote has been closed and the new vote consists of only two options: Yes or No.

Thanks for your time and apologies to those tasked with duplicating their original voting efforts.