Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/hyc/statuses/114126816743150246">Howard Chu @ Symas (hyc@mastodon.social)'s status on Saturday, 08-Mar-2025 21:38:04 JST</a><a href="https://mastodon.social/@hyc" title="hyc@mastodon.social"><img src="https://gnusocial.jp/avatar/29613-48-20221117233524.webp" width="48" height="48" alt="Howard Chu @ Symas" style="position: absolute; left: 0; top: 0;">Howard Chu @ Symas</a><div><a href="https://hachyderm.io/@dalias/114126729877143984" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://mastodon.social/@bagder">@bagder</a> this is why the entire notion of system-wide trust stores is so ludicrous. It comes from the mindset of web browser developers only, who want their client to be able to talk to any server without hassles. But for any other client-server application, you only want a specific set of clients talking to a specific set of servers, and therefore should have app-specific trust config. Esp if using cert-based client authent, you only want to trust one specific issuing CA.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4696200#notice-9195256">In conversation</a><time datetime="2025-03-08T21:38:04+09:00" title="Saturday, 08-Mar-2025 21:38:04 JST">about a month ago</time> <span>from <span><a href="https://mastodon.social/@hyc/114126816743150246" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@hyc/114126816743150246">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Howard Chu @ Symas (hyc@mastodon.social)'s status on Saturday, 08-Mar-2025 21:38:04 JSTHoward Chu @ Symas
in reply to
- daniel:// stenberg://
- Rich Felker
@dalias @bagder this is why the entire notion of system-wide trust stores is so ludicrous. It comes from the mindset of web browser developers only, who want their client to be able to talk to any server without hassles. But for any other client-server application, you only want a specific set of clients talking to a specific set of servers, and therefore should have app-specific trust config. Esp if using cert-based client authent, you only want to trust one specific issuing CA.
In conversationabout a month ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice