Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.

From:	Ted Zlatanov
Subject:	Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date:	Wed, 08 Oct 2014 10:56:27 -0400
User-agent:	Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (darwin)

On Wed, 08 Oct 2014 16:09:20 +0200 Lars Magne Ingebrigtsen <address@hidden> 
wrote: 

LMI> I don't see why the application would need to know much, if anything,
LMI> about it.  `open-network-stream' would say "Invalid certificate.  (Bla
LMI> bla.)  Connect anyway?" and the user would type `y' or `n'.

LMI> I can't really see how that would disturb smtpmail, Gnus, nnimap, pop3,
LMI> rmail, erc or any other application I can think of...

What about `emacs --batch'? That change would affect the URL retrieval
code and thus unattended package installs for instance. Do you just
reject certificates in batch mode? Or add a `--tofu-accept=SERVER_REGEX'
option to Emacs for batch mode?

Ted

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., (continued)
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Ted Zlatanov, 2014/10/08
  - Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
    - Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Ted Zlatanov, 2014/10/08
    - Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
    - Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08

Prev by Date: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Next by Date: Re: Emacs Lisp's future
Previous by thread: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Next by thread: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Index(es):
- Date
- Thread