unofficial mirror of emacs-devel@gnu.org 
From: Michael Welsh Duggan <mwd@md5i.com>
To: Robert Pluim <rpluim@gmail.com>
Cc: 321942@gmail.com, Eli Zaretskii <eliz@gnu.org>,
	larsi@gnus.org, emacs-devel@gnu.org
Subject: Re: master 91c732f: Always check for client-certificates
Date: Tue, 19 Nov 2019 01:48:00 -0500
Message-ID: <87sgmkgy5b.fsf@md5i.com>
In-Reply-To: <m2muctp3uy.fsf@gmail.com> (Robert Pluim's message of "Mon, 18 Nov 2019 17:05:09 +0100")

Robert Pluim <rpluim@gmail.com> writes:

>>>>>> On Mon, 18 Nov 2019 17:38:42 +0200, Eli Zaretskii <eliz@gnu.org> said:
>
>     >> From: Robert Pluim <rpluim@gmail.com>
>     >> Date: Mon, 18 Nov 2019 10:06:19 +0100
>     >> Cc: Dmitry Alexandrov <321942@gmail.com>, emacs-devel@gnu.org
>     >> 
>     Lars> I didn't realise that this would mean accessing the .authinfo.gpg file
>     Lars> by default for https connections.  I don't think that's a
>     Lars> good idea, so
>     Lars> network-stream-use-client-certificates has to default to nil.
>     >> 
>     >> I can flip the default if thatʼs the consensus.
>
>     Eli> If everyone agrees with Lars, then we have a consensus.  But if you
>     Eli> disagree, I'd like to hear your arguments (and anyone else's really),
>     Eli> before we decide what is the consensus.
>
> I'm doubly biased: I implemented it, and I read email in Emacs, so
> .authinfo.gpg gets decrypted for me anyway, so having it done for eww
> or package-list-packages is a no-op, which means I disagree, but not
> strongly.
>
> The reason for the feature is to make it easy to use certificates:
> just add the right stuff to .authinfo.gpg, and everything else happens
> by itself, much like usernames/passwords when sending
> email.
>
> Defaulting it to off means more configuration burden on the user.
> Defaulting it to on means that some people who object to it need to
> customize auth-sources and/or network-stream-use-client-certificates.

Would it be difficult (or a bad idea) to make it such that the first
time someone uses a package that might want to use .authinfo.gpg for
private information, a separate prompt comes up asking whether people
want to load their .authinfo.gpg this time, not this time, every time
(and don't ask again), or never (and don't ask again)?  This one prompt
can be verbose, popping up a window with an explanation, with the
understanding that the user can make an informed choice and not have to
do this again.  This may be clunky, but this is the simplest way I can
think of to "have your cake and eat it too."

This seems similar to the "how do I set up email to work the first time
when I send an Emacs bug report" problem.  It also is similar to the
sort of thing that is done when someone visits a site with self-signed
certificates and suchlike.

-- 
Michael Welsh Duggan
(md5i@md5i.com)
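
The four-way prompt proposed in the message above, sketched as an added example in Emacs Lisp; it is not part of the original post and not code from Emacs itself. Every `my/` name is hypothetical, and the sketch assumes Emacs 26 or later for `read-multiple-choice`.

```elisp
;; Added illustration: a remembered consent gate in front of the
;; encrypted auth store.  All my/ names are hypothetical.
(defcustom my/auth-store-consent 'ask
  "Remembered answer to the auth-store prompt: `ask', `always' or `never'."
  :type '(choice (const ask) (const always) (const never)))

(defun my/auth-store-allowed-p (requester)
  "Return non-nil if REQUESTER may cause ~/.authinfo.gpg to be decrypted.
REQUESTER is a string naming the feature, shown in the prompt."
  (pcase my/auth-store-consent
    ('always t)
    ('never nil)
    (_
     (if noninteractive
         ;; Batch sessions cannot prompt: deny rather than block or
         ;; decrypt without the user's knowledge.
         nil
       (let ((choice
              (read-multiple-choice
               (format "%s wants to read ~/.authinfo.gpg. Allow? " requester)
               '((?y "this time" "Decrypt for this request only.")
                 (?n "not this time" "Skip the auth store for this request.")
                 (?a "always" "Decrypt now and do not ask again.")
                 (?v "never" "Never decrypt for this; do not ask again.")))))
         (pcase (car choice)
           (?y t)
           (?n nil)
           ;; The two "do not ask again" answers are persisted through
           ;; Customize so the decision survives restarts.
           (?a (customize-save-variable 'my/auth-store-consent 'always) t)
           (?v (customize-save-variable 'my/auth-store-consent 'never) nil)))))))
```

A caller would consult `(my/auth-store-allowed-p "eww")` before a connection and use the result to decide whether `network-stream-use-client-certificates` is enabled for that connection.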
