Re: Re: Windows Peer Verification

From:
Date: Thu, 06 Feb 2014 06:13:39 +0000
Subject: Re: Re: Windows Peer Verification
Groups: php.internals

Hey Pierre, re: the script to download the trusted CA bundle, how do
you propose to make *that* connection secure the first time?

Not being facetious. I was convinced (albeit suddenly) by Padraic's
argument that all fault for insecure remote transfers lies with the
developer as long as secure options exist. How do we avoid being that
same kind of developer? Neither plain-text download nor unverified TLS
should be used for the trusted CA root list. The ability to tamper
with that download would be catastrophic.

If we can't ship the CA bundle and can't ship even the CA cert for the
site we choose to deliver the bundle, I think it's better to give
people the URL and tell them to use a browser (which will perform
verification).

I was poking around and noticed that Mono's CLI for fetching the CA
bundle (in this case Mozilla's) uses a plain http:// URL. I find this
to be rather bizarre under the circumstances.
[http://linux.die.net/man/1/mozroots]

-- S.



