[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wget2 | New option --dane (!522)
From: |
@rockdaboot |
Subject: |
Re: wget2 | New option --dane (!522) |
Date: |
Sun, 30 Apr 2023 13:03:46 +0000 |
Tim Rühsen commented on a discussion:
https://gitlab.com/gnuwget/wget2/-/merge_requests/522#note_1373360359
Thank you so much for your critical review and the detailed information you
give, @dviktor !
TBH, I knew there was much more to do and the current implementation (marked
explicitly as *experimental*) is indeed just a "quick shot" to get DANE started
:innocent:. At least the only known wget2 DANE user seems to be happy
:slight_smile:.
You already raise several open questions and issues that need to be solved
next. I'll create a prioritized tasklist, that can be worked on step by step (I
mostly have 1-2h time per week, but maybe someone else can chime in then).
The actual design goal definitely was not to weaken WebPKI. The use case I had
in mind which seems to be pretty common is e.g. statically linking an
executable an wrap it as a docker image without OS. Not needing a CA cert pool
makes this a bit more straight forward.
The side effect of weakening cert checking needs to be tackled as a next step.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/merge_requests/522#note_1373360359
You're receiving this email because of your account on gitlab.com.
- Re: wget2 | New option --dane (!522), (continued)
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), Viktor Dukhovni (@dviktor), 2023/04/24