unofficial mirror of emacs-devel@gnu.org 
From: Simon Josefsson <jas@extundo.com>
Cc: emacs-devel@gnu.org, Daiki Ueno <ueno@unixuser.org>
Subject: Replace starttls.el with GNUTLS based version?
Date: Mon, 01 Dec 2003 03:31:49 +0100
Message-ID: <ilun0adjmju.fsf@latte.josefsson.org>

How many use STARTTLS?  For SMTP or IMAP?  The external program
'starttls' isn't widely available (e.g., not packaged by Debian) and
it uses OpenSSL, so I would like to replace the current starttls.el
with a (partially) backwards compatible version that uses GNUTLS.  It
is currently installed in Gnus CVS contrib/starttls.el, and I have
been using it for a while.

The only problem I perceive is that if anyone is using client X.509
certificates, they will have to move from `starttls-extra-args' to
`starttls-extra-argument'.  (That is the backwards incompatible part.)
Because there appears to be a bug in the "starttls" application that
makes client authentication useless because the verification result is
ignored, I suspect not many use X.509 client certificates with
STARTTLS, or at least not anyone who cares enough about security to
audit the tools they use.  So nobody, even users that have configured
client certificates, would lose security by changing to anonymous TLS
with gnutls-cli.  However, they can increase security by setting the
new s-e-a variable.

So, does anyone have an opinion for or against moving
gnus/contrib/starttls.el into gnus/lisp/starttls.el and
emacs/lisp/gnus/starttls.el?  In Emacs, lisp/gnus/imap.el has to be
modified as well (it currently uses hard-coded filenames, and assumes
things about how the old starttls.el was implemented), but
lisp/mail/smtpmail.el works with STARTTLS unmodified.

To test this in Gnus, simply copy contrib/starttls.el over
lisp/starttls.el and rebuild.



