From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 17:31:33 +0200
Message-ID: <m38ukqy3vu.fsf@stories.gnus.org>
References: <1412716565-7786-1-git-send-email-toke@toke.dk>
	<m3iojv4l87.fsf@stories.gnus.org>
	<87a957o87z.fsf@alrua-karlstad.karlstad.toke.dk>
	<m3ppe222ww.fsf@stories.gnus.org> <87bnpm2249.fsf@toke.dk>
	<m3zjd6zre4.fsf@stories.gnus.org> <83eguik9ip.fsf@gnu.org>
	<m3a956zpmd.fsf@stories.gnus.org> <83d2a2k91n.fsf@gnu.org>
	<m338ayzp5f.fsf@stories.gnus.org> <83bnpmk8fd.fsf@gnu.org>
	<m3y4sqy9pk.fsf@stories.gnus.org> <838ukqk7gd.fsf@gnu.org>
	<m3tx3ey8p6.fsf@stories.gnus.org> <834mvek6dq.fsf@gnu.org>
	<m3fveyy7ov.fsf@stories.gnus.org> <m2fvey4nl0.fsf@lifelogs.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1412782346 28789 80.91.229.3 (8 Oct 2014 15:32:26 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 8 Oct 2014 15:32:26 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Oct 08 17:32:20 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XbtDu-00049B-1t
	for ged-emacs-devel@m.gmane.org; Wed, 08 Oct 2014 17:32:18 +0200
Original-Received: from localhost ([::1]:36923 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XbtDt-0002Ow-Mn
	for ged-emacs-devel@m.gmane.org; Wed, 08 Oct 2014 11:32:17 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:58034)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XbtDb-0002OW-NL
	for emacs-devel@gnu.org; Wed, 08 Oct 2014 11:32:05 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XbtDW-00053s-9y
	for emacs-devel@gnu.org; Wed, 08 Oct 2014 11:31:59 -0400
Original-Received: from hermes.netfonds.no ([80.91.224.195]:44179)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XbtDW-00053S-4T
	for emacs-devel@gnu.org; Wed, 08 Oct 2014 11:31:54 -0400
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
	helo=stories.gnus.org)
	by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>) id 1XbtDC-0005W9-QK
	for emacs-devel@gnu.org; Wed, 08 Oct 2014 17:31:35 +0200
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAElBMVEXNvL6un6mjk559bX5W
	TF6RgZC0aH7LAAACc0lEQVQ4jW3TwXLjIAwGYOHWd0Tru4Fwjw3cuzW5xxC9/6vsj91ktjPrmc60
	+iohQFApMcYsLYpIy/iJCxHTRGVLv0DiFaA8lVIyQI5YlirxTqRVA2QEaognOIkzYHgA9tChx2OU
	GvJMZjYJUFHmBa5DOCH3NULvB2CD3FW0B2zHGqFnINXJfdxOiEvMzjk5Wq4mzG8bd7hFmQB9EXyO
	w/y+uQ75OkpARkCO5Go7VAas+Q1B6/SIQpZ6xs0pwNY2L06TcqxpsGz0Z7YqnTsXTf3jUI0FCB+w
	xbj3sPKxothAowtP6PEJh4vjtUyD1ANiQ4YiIyHGUrUlart6nBk5VGusxxUsGi2IRsaWtn5GYVeu
	AXaWetloLNT/f1mV1exSSbfLMtDnTU2FjhtfibUyKDqVP4rerx16Rsu1rAQouXynG9o+YbP7VJQe
	0pqWy5K+BntC2vRiimbWtc3KPe6jqx99jVQ8iqzpu4WUm3rII50QSyzf3n5+fbDnUU80TtUXyu36
	kPLd7KS88fQxA8bqN+pT2VIsq9gs5Rb2KI9H3yOmM8zKNKuYHbapR5qG/RIpV2F8HjFj8QuAh90L
	ZWPEo7VVa+djVrq12HYfaJEJd8CBNcoYw3pQmqwxtGJwAIZZmarABGAeqA9Zrw0INiyIqvkYAAz4
	D2BOqlVEg36CsyhkleW7YVyseYI7gHFXeD3/QHWu78DiT3/C/MpATyCtQsuYMD5hy86egH5bRgbr
	H6gOK/wP5ADXIXY447/g7IpfUHGmHYzH6OoXxIxnhAdVnWkCUOoFgh0C8C4PeGaUuLYafHTcX24/
	tlcG1iCDg+kv9wV/AdM6tKW9exGfAAAAAElFTkSuQmCC
X-Now-Playing: =?iso-8859-1?Q?Bj=F6rk's?= _Biophilia Remix Series Part Two_:
	"Thunderbolt (Death Grips remix)"
X-Hashcash: 1:23:141008:emacs-devel@gnu.org::9Z6rcA52XHG3TCzM:000000000000000000000000000000000000000000lpd6
In-Reply-To: <m2fvey4nl0.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 08
	Oct 2014 10:56:27 -0400")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)
X-MailScanner-ID: 1XbtDC-0005W9-QK
MailScanner-NULL-Check: 1413387096.83659@CaoKMO4yr6Xk6tm8NZGRMg
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175141
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175141>

Ted Zlatanov <tzz@lifelogs.com> writes:

> What about `emacs --batch'? That change would affect the URL retrieval
> code and thus unattended package installs for instance. Do you just
> reject certificates in batch mode? Or add a `--tofu-accept=SERVER_REGEX'
> option to Emacs for batch mode?

If the user can't answer questions, the default would be to reject
invalid certificates.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no