From: Eli Zaretskii <eliz@gnu.org>
To: Lars Magne Ingebrigtsen <larsi@gnus.org>
Cc: tzz@lifelogs.com, toke@toke.dk, emacs-devel@gnu.org
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 16:38:10 +0300 [thread overview]
Message-ID: <838ukqk7gd.fsf@gnu.org> (raw)
In-Reply-To: <m3y4sqy9pk.fsf@stories.gnus.org>
> From: Lars Magne Ingebrigtsen <larsi@gnus.org>
> Cc: toke@toke.dk, tzz@lifelogs.com, emacs-devel@gnu.org
> Date: Wed, 08 Oct 2014 15:25:43 +0200
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> > So you want to return a descriptor for a connection that failed
> > certificate validation, and let the application handle that?
>
> The other option is to have the C layer close the connection, signal an
> error, have `open-network-stream' query the user about the invalid
> certificate, the user says "connect anyway", and then we'd reconnect
> with other options.
>
> That seems less ... convenient.
>
> > That could work, but I don't know what security-wary people here will
> > tell about keeping such connections.
>
> I think I know. >"?
What happens if some stuff comes out of the stream that failed to be
validated, while Emacs negotiates with the user about what to do?
Normally, we would pass this stuff to whatever sentinel was defined,
or insert it into a buffer. Is that what you want?
> We're just moving the certificate handling up to the Lisp level --
> nothing more.
If what you want is to cause gnutls-boot call out to Lisp for
validation as part of its normal path, then that's fine, I think. But
it does mean that we have no stream until the entire validation
completes. My understanding of what was being suggested here was that
this is not what you have in mind:
> Right, so (just to make sure I'm understanding you right), what you
> propose is to get rid of all the current validation logic in C (i.e the
> erroring out) and just return something like (<cert hash> <cert
> hostname> <CA validity status>) -- and then make the lisp code work out
> the rest?
>
> Right now it seems the C code refuses to even return the opened network
> stream object if validation fails; with this, that would have to change,
> and the C code wouldn't make any policy decisions?
That doesn't sound to me like "just moving the certificate handling up
to the Lisp level".
next prev parent reply other threads:[~2014-10-08 13:38 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-07 21:16 [PATCH RFC] GnuTLS: Support TOFU certificate checking Toke Høiland-Jørgensen
2014-10-07 21:35 ` Lars Magne Ingebrigtsen
2014-10-07 21:55 ` Toke Høiland-Jørgensen
2014-10-08 11:53 ` Lars Magne Ingebrigtsen
2014-10-08 11:58 ` Lars Magne Ingebrigtsen
2014-10-08 12:10 ` Toke Høiland-Jørgensen
2014-10-08 12:18 ` Lars Magne Ingebrigtsen
2014-10-08 12:39 ` Toke Høiland-Jørgensen
2014-10-08 12:42 ` Lars Magne Ingebrigtsen
2014-10-08 12:53 ` Eli Zaretskii
2014-10-08 12:56 ` Lars Magne Ingebrigtsen
2014-10-08 13:03 ` Eli Zaretskii
2014-10-08 13:06 ` Lars Magne Ingebrigtsen
2014-10-08 13:17 ` Eli Zaretskii
2014-10-08 13:25 ` Lars Magne Ingebrigtsen
2014-10-08 13:38 ` Eli Zaretskii [this message]
2014-10-08 13:47 ` Lars Magne Ingebrigtsen
2014-10-08 13:59 ` Toke Høiland-Jørgensen
2014-10-08 14:05 ` Lars Magne Ingebrigtsen
2014-10-08 14:01 ` Eli Zaretskii
2014-10-08 14:09 ` Lars Magne Ingebrigtsen
2014-10-08 14:11 ` Eli Zaretskii
2014-10-08 14:56 ` Ted Zlatanov
2014-10-08 15:31 ` Lars Magne Ingebrigtsen
2014-10-08 15:37 ` Ted Zlatanov
2014-10-09 2:43 ` Stephen J. Turnbull
2014-10-09 13:17 ` Ted Zlatanov
2014-10-08 13:28 ` Toke Høiland-Jørgensen
2014-10-08 14:52 ` Ted Zlatanov
2014-10-08 15:19 ` Toke Høiland-Jørgensen
2014-10-08 15:45 ` Ted Zlatanov
2014-10-08 16:09 ` Toke Høiland-Jørgensen
2014-10-08 16:52 ` Lars Magne Ingebrigtsen
2014-10-08 17:07 ` Toke Høiland-Jørgensen
2014-10-09 13:10 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=838ukqk7gd.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=larsi@gnus.org \
--cc=toke@toke.dk \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).