From: Chong Yidong <cyd@stupidchicken.com>
To: Ted Zlatanov <tzz@lifelogs.com>
Cc: emacs-devel@gnu.org
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Wed, 23 Mar 2011 14:31:02 -0400 [thread overview]
Message-ID: <87hbatofix.fsf@stupidchicken.com> (raw)
In-Reply-To: <87ei5xsvl6.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 23 Mar 2011 10:30:29 -0500")
Ted Zlatanov <tzz@lifelogs.com> writes:
> TZ> In any case, I think it's a good idea to set up an Emacs
> TZ> Certificate Authority (CA) so we can create certificates that
> TZ> Emacs will trust... It may make sense, though, to make this CA a
> TZ> facility for the whole GNU project and then the Emacs CA can be an
> TZ> intermediate CA hanging off that root CA. That should be decided
> TZ> before we start pushing out certificates, please, so we don't have
> TZ> to invalidate them later.
>
> Any opinions on this? It's really not hard to set up the CA stuff but
> I'd like to know what people think before I do it. It really seems
> like it should be a GNU-level or FSF-level facility.
I don't think setting up a GNU-wide CA is a good idea; it's mission
creep and the gains seem negligible. As for an Emacs-specific CA, I
don't know enough of the details of how CAs are maintained to evaluate
the proposal.
On reflection, the best solution is the one that needs the least work
from us. So it's probably best to ask the FSF sysadmins to request and
install a cert, as you originally suggested. Could you email them?
> This work is almost done. But probably a better approach than relying
> directly on gnutls.el is to make url.el use proto-stream.el from Gnus,
> which handles most of the connection details automatically whether Emacs
> has GnuTLS support build-in or not. I looked at it in order to make the
> new GnuTLS support work properly and it seems like a good general
> facility, not just for Gnus.
>
> proto-stream.el doesn't depend on any Gnus internals, it's a standalone
> library. It could live in net/ in the Emacs repo.
How bout merging the open-protocol-stream code directly into
open-network-stream? Then we can make open-protocol-stream an alias for
open-network-stream, and (provide 'proto-stream) in subr.el.
If the Gnus developers don't object, I propose to do this.
(Also, gnutls.el should be changed to explicitly recommend that
applications not use it directly, and we should merge net/tls.el and
gnus/starttls.el; those two packages appear to be duplicates.)
next prev parent reply other threads:[~2011-03-23 18:31 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-19 16:21 expand tls to elpa.gnu.org axel.junker
2011-03-21 18:28 ` Ted Zlatanov
2011-03-21 21:17 ` Chong Yidong
2011-03-21 22:33 ` url library and GnuTLS, and Emacs-issued certificates (was: expand tls to elpa.gnu.org) Ted Zlatanov
2011-03-23 15:30 ` url library and GnuTLS, and Emacs-issued certificates Ted Zlatanov
2011-03-23 18:31 ` Chong Yidong [this message]
2011-03-23 18:47 ` Ted Zlatanov
2011-03-23 19:20 ` Lars Magne Ingebrigtsen
2011-03-23 21:51 ` Chong Yidong
2011-03-24 4:55 ` Lars Magne Ingebrigtsen
2011-03-24 18:42 ` Chong Yidong
2011-03-24 19:45 ` Lars Magne Ingebrigtsen
2011-03-24 19:23 ` Chong Yidong
2011-03-24 19:33 ` Ted Zlatanov
2011-03-24 19:37 ` Lars Magne Ingebrigtsen
2011-03-26 23:32 ` Chong Yidong
2011-03-26 23:39 ` Lars Magne Ingebrigtsen
2011-03-27 1:23 ` Chong Yidong
2011-03-27 10:31 ` Lars Magne Ingebrigtsen
2011-03-27 0:20 ` Lars Magne Ingebrigtsen
2011-03-27 1:30 ` Chong Yidong
2011-03-27 10:36 ` Lars Magne Ingebrigtsen
2011-03-27 17:42 ` Chong Yidong
2011-03-28 0:34 ` Chong Yidong
2011-03-29 20:54 ` Lars Magne Ingebrigtsen
2011-03-30 2:20 ` Chong Yidong
2011-03-26 12:07 ` Ted Zlatanov
2011-03-26 13:39 ` Reiner Steib
2011-03-26 14:09 ` Ted Zlatanov
2011-03-28 6:51 ` Reiner Steib
2011-03-26 19:40 ` Tom Tromey
2011-03-26 23:36 ` Chong Yidong
2011-03-27 1:31 ` Tom Tromey
2011-03-27 1:52 ` Chong Yidong
2011-03-28 15:10 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87hbatofix.fsf@stupidchicken.com \
--to=cyd@stupidchicken.com \
--cc=emacs-devel@gnu.org \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).