Newsgroups: php.internals
Subject: Re: [PHP-DEV] Re: Windows Peer Verification
From: swhitemanlistens-software@cypressintegrated.com (Sanford Whiteman)
To: Pierre Joye
Date: Thu, 6 Feb 2014 01:13:39 -0500
Message-ID: <1386084526.20140206011339@cypressintegrated.com>

Hey Pierre,

re: the script to download the trusted CA bundle, how do you propose to make *that* connection secure the first time?
Not being facetious. I was convinced (albeit suddenly) by Padraic's argument that all fault for insecure remote transfers lies with the developer as long as secure options exist. How do we avoid being that same kind of developer?

Neither plain-text download nor unverified TLS should be used for the trusted CA root list. The ability to tamper with that download would be catastrophic.

If we can't ship the CA bundle and can't ship even the CA cert for the site we choose to deliver the bundle, I think it's better to give people the URL and tell them to use a browser (which will perform verification).

I was poking around and noticed that Mono's CLI for fetching the CA bundle (in this case Mozilla's) uses a plain http:// URL. I find this to be rather bizarre under the circumstances.

[http://linux.die.net/man/1/mozroots]

-- 
S.
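The bootstrap problem raised in the message above (how the very first download of the CA bundle can itself be verified) is illustrated by the following added example. It is not code from the thread, from PHP's own source, or from any proposed installer script; it assumes PHP 5.6 or later (for hash_equals()), and the URL, the pinned CA file name and the pinned digest are placeholders. The two ideas it shows are the ones the message touches on: trust only a single shipped anchor (a PEM file containing the CA, or the site certificate itself, of the host serving the bundle) for that one request, and independently check the downloaded bytes against a digest obtained out of band, for example read from a page fetched with a browser that does perform verification.

```php
<?php
// Added example, not from the php.internals thread or from PHP's own code.
// Bootstrapping a CA bundle download so that the download itself is verified.
// Assumes PHP >= 5.6. URL, pinned CA file and pinned digest are placeholders.

// Stream context that refuses unverified TLS. $pinnedCaFile is a single PEM
// file shipped with the application (the CA that the bundle host chains to, or
// that host's own certificate). Nothing else is trusted for this request, so a
// missing or empty system store on Windows does not matter here.
function bundleDownloadContext($pinnedCaFile)
{
    return stream_context_create(array(
        'ssl' => array(
            'verify_peer'         => true,  // validate the chain against $pinnedCaFile
            'verify_peer_name'    => true,  // the certificate must match the URL host
            'allow_self_signed'   => false,
            'cafile'              => $pinnedCaFile,
            'disable_compression' => true,  // defence against CRIME-style attacks
        ),
    ));
}

// Second, independent check: the downloaded bytes must match a SHA-256 digest
// that was published out of band and shipped alongside the script. hash_equals()
// compares in constant time.
function bundleMatchesPin($bundle, $pinnedSha256)
{
    return hash_equals($pinnedSha256, hash('sha256', $bundle));
}

// Fetch the bundle over verified TLS and check it against the pin. Throws on any
// failure; a plain http:// URL is rejected before any connection is attempted,
// which is exactly the mistake the message points out in mozroots.
function fetchCaBundle($url, $pinnedCaFile, $pinnedSha256)
{
    if (strpos($url, 'https://') !== 0) {
        throw new RuntimeException("refusing non-TLS URL: $url");
    }
    $bundle = @file_get_contents($url, false, bundleDownloadContext($pinnedCaFile));
    if ($bundle === false) {
        // With verify_peer on, a chain or hostname mismatch surfaces as a failed fetch.
        throw new RuntimeException("TLS fetch or peer verification failed: $url");
    }
    if (!bundleMatchesPin($bundle, $pinnedSha256)) {
        throw new RuntimeException('downloaded CA bundle does not match the pinned digest');
    }
    // Minimal format sanity check before the file is ever used as a trust store.
    if (strpos($bundle, '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException('downloaded file is not a PEM certificate bundle');
    }
    return $bundle;
}

// Offline demonstration with a constructed (fake) PEM bundle, so the pin check
// can be exercised without a network connection. In real use the pin is NOT
// computed from the download; it is shipped with the script.
$constructedBundle = "-----BEGIN CERTIFICATE-----\n"
                   . "MIIBconstructedNotARealCertificate\n"
                   . "-----END CERTIFICATE-----\n";
$pin = hash('sha256', $constructedBundle);

var_dump(bundleMatchesPin($constructedBundle, $pin));                 // untouched bundle
var_dump(bundleMatchesPin($constructedBundle . "tampered\n", $pin));  // modified in transit

// Real use (needs network; supply the shipped anchor file and the out-of-band digest):
// $bundle = fetchCaBundle('https://example.invalid/cacert.pem', __DIR__ . '/pinned-ca.pem', $pin);
// file_put_contents(__DIR__ . '/cacert.pem', $bundle);
```

The point of the second check is that it holds even if the shipped anchor is wrong or the host is later compromised: an attacker who can tamper with the transfer still has to produce a bundle with the pinned SHA-256. Conversely, if neither an anchor certificate nor a digest can be shipped, there is nothing for the script to verify against, which is the situation in which the message argues for handing the user a URL and a browser instead of a script.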