From: Michael Albinus
Newsgroups: gmane.emacs.devel
Subject: Re: NSM certificate prompt
Date: Sun, 14 Dec 2014 13:52:10 +0100
Message-ID: <87wq5ucs1x.fsf@gmx.de>
In-Reply-To: <87egs2zcqf.fsf@lifelogs.com> (Ted Zlatanov's message of "Sun, 14 Dec 2014 06:34:32 -0500")
To: emacs-devel@gnu.org

Ted Zlatanov writes:

> While CRL support is a good way to deal with this in general, I still
> think giving the user the option to manage their trustfiles is valuable.
> But we should definitely try to support CRLs or DANE more urgently,
> rather than expecting the user to manage trustfiles and certificate
> revocations.

CRLs are a good thing, in theory. But they work only when you are online, and when you are able to retrieve a proper CRL from the CA. If the CA is blocked by whatever means, CRLs don't work.

DANE uses an independent way in order to give you trust in a given certificate (via DNSSec). However, I don't know how much it is supported already, by both the servers and by gnutls as client.

I do not object to supporting CRLs and DANE, but we shouldn't expect perfect trust then.

> Ted

Best regards, Michael.