From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Thu, 09 Oct 2014 09:10:17 -0400 [thread overview]
Message-ID: <m2iojt2xty.fsf@lifelogs.com> (raw)
In-Reply-To: 87lhoqzdzv.fsf@toke.dk
On Wed, 08 Oct 2014 19:07:48 +0200 Toke Høiland-Jørgensen <toke@toke.dk> wrote:
TH> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>> Well, I kinda think the TOFU stuff is a fine band-aid, but we really
>> need a suture here, and the band-aid really sounds like it would more
>> get in the way of getting what we really need. :-)
TH> Yeah, well for right now I'm in the band-aid making business I guess :)
TH> Resubmitted the updated patch and will return once I have some time for
TH> making sutures...
Toke and Lars, I would really appreciate it if you could review this
thread, which was my preliminary research in 2010 on how we could store
and verify certificates, with comments from Nikos (the maintainer of
GnuTLS). It predates the TOFU features.
http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4580
Lars, I think it would be smart to resume that conversation and ask the
GnuTLS guys about Toke's approach vs. the oversight-from-ELisp approach
you suggested. I think Eli is on the GnuTLS mailing list and perhaps
others will join in.
Either way, I think the TOFU functions will at least have to be exposed
to ELisp when they are available so the certificate UI can use them. So
I can break Toke's patch in two pieces for that purpose, if that's OK
with everyone, and apply the part I know we'll need.
Thanks
Ted
prev parent reply other threads:[~2014-10-09 13:10 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-07 21:16 [PATCH RFC] GnuTLS: Support TOFU certificate checking Toke Høiland-Jørgensen
2014-10-07 21:35 ` Lars Magne Ingebrigtsen
2014-10-07 21:55 ` Toke Høiland-Jørgensen
2014-10-08 11:53 ` Lars Magne Ingebrigtsen
2014-10-08 11:58 ` Lars Magne Ingebrigtsen
2014-10-08 12:10 ` Toke Høiland-Jørgensen
2014-10-08 12:18 ` Lars Magne Ingebrigtsen
2014-10-08 12:39 ` Toke Høiland-Jørgensen
2014-10-08 12:42 ` Lars Magne Ingebrigtsen
2014-10-08 12:53 ` Eli Zaretskii
2014-10-08 12:56 ` Lars Magne Ingebrigtsen
2014-10-08 13:03 ` Eli Zaretskii
2014-10-08 13:06 ` Lars Magne Ingebrigtsen
2014-10-08 13:17 ` Eli Zaretskii
2014-10-08 13:25 ` Lars Magne Ingebrigtsen
2014-10-08 13:38 ` Eli Zaretskii
2014-10-08 13:47 ` Lars Magne Ingebrigtsen
2014-10-08 13:59 ` Toke Høiland-Jørgensen
2014-10-08 14:05 ` Lars Magne Ingebrigtsen
2014-10-08 14:01 ` Eli Zaretskii
2014-10-08 14:09 ` Lars Magne Ingebrigtsen
2014-10-08 14:11 ` Eli Zaretskii
2014-10-08 14:56 ` Ted Zlatanov
2014-10-08 15:31 ` Lars Magne Ingebrigtsen
2014-10-08 15:37 ` Ted Zlatanov
2014-10-09 2:43 ` Stephen J. Turnbull
2014-10-09 13:17 ` Ted Zlatanov
2014-10-08 13:28 ` Toke Høiland-Jørgensen
2014-10-08 14:52 ` Ted Zlatanov
2014-10-08 15:19 ` Toke Høiland-Jørgensen
2014-10-08 15:45 ` Ted Zlatanov
2014-10-08 16:09 ` Toke Høiland-Jørgensen
2014-10-08 16:52 ` Lars Magne Ingebrigtsen
2014-10-08 17:07 ` Toke Høiland-Jørgensen
2014-10-09 13:10 ` Ted Zlatanov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2iojt2xty.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).