* Default value of tls-checktrust should be 'ask
@ 2008-04-08 9:05 Sascha Wilde
2008-04-08 9:19 ` Jason Rumney
0 siblings, 1 reply; 5+ messages in thread
From: Sascha Wilde @ 2008-04-08 9:05 UTC (permalink / raw)
To: emacs-devel
the subject says it all. ;-)
The current default is nil, which means that server certificates are not
checked which is a bad thing. Not checking the certificate means, that
SSL/TLS connections, which are supposed to be "save" (and most users
will believe they are) are really not trustworthy.
cheers
sascha
--
Sascha Wilde
Hauptfunktion einer GUI ist es IMHO, die dadurch verlorene Zeit durch
einen höheren Spaß-Faktor zu kompensieren. Essentiell ein
Computerspiel. -- Rainer Weikusat in d.c.o.u.d
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Default value of tls-checktrust should be 'ask
2008-04-08 9:05 Default value of tls-checktrust should be 'ask Sascha Wilde
@ 2008-04-08 9:19 ` Jason Rumney
2008-04-08 10:55 ` Sascha Wilde
0 siblings, 1 reply; 5+ messages in thread
From: Jason Rumney @ 2008-04-08 9:19 UTC (permalink / raw)
To: Sascha Wilde; +Cc: emacs-devel
Sascha Wilde wrote:
> the subject says it all. ;-)
>
> The current default is nil, which means that server certificates are not
> checked which is a bad thing. Not checking the certificate means, that
> SSL/TLS connections, which are supposed to be "save" (and most users
> will believe they are) are really not trustworthy.
>
We should also provide an easy way to insert the certificate into a
local trust store (ie 'ask will allow "always" and "never" as well as
"yes" and "no" answers) , to give the power over who to trust back to
the users, rather than allowing companies like Verisign to monopolise
it. Does gnutls have a local per user store we can use for this?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Default value of tls-checktrust should be 'ask
2008-04-08 9:19 ` Jason Rumney
@ 2008-04-08 10:55 ` Sascha Wilde
2008-04-08 11:08 ` Jason Rumney
0 siblings, 1 reply; 5+ messages in thread
From: Sascha Wilde @ 2008-04-08 10:55 UTC (permalink / raw)
To: Jason Rumney; +Cc: emacs-devel
Jason Rumney <jasonr@gnu.org> wrote:
> We should also provide an easy way to insert the certificate into a
> local trust store (ie 'ask will allow "always" and "never" as well as
> "yes" and "no" answers) , to give the power over who to trust back to
> the users, rather than allowing companies like Verisign to monopolise
> it. Does gnutls have a local per user store we can use for this?
No need for this, you can always add (or remove) any CAs root
certificate, see tls-checktrust docstring for examples on how to
configure a specific root-cert collection. (and of cause the
documentation for gnutls for further details.)
cheers
sascha
--
Sascha Wilde
God put me on earth to accomplish a certain number of things.
Right now I am so far behind I will never die.
-- Bill Waterson, Calvin and Hobbes
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Default value of tls-checktrust should be 'ask
2008-04-08 10:55 ` Sascha Wilde
@ 2008-04-08 11:08 ` Jason Rumney
2008-04-08 13:04 ` Sascha Wilde
0 siblings, 1 reply; 5+ messages in thread
From: Jason Rumney @ 2008-04-08 11:08 UTC (permalink / raw)
To: Sascha Wilde; +Cc: emacs-devel
Sascha Wilde wrote:
> Jason Rumney <jasonr@gnu.org> wrote:
>
>> We should also provide an easy way to insert the certificate into a
>> local trust store (ie 'ask will allow "always" and "never" as well as
>> "yes" and "no" answers) , to give the power over who to trust back to
>> the users, rather than allowing companies like Verisign to monopolise
>> it. Does gnutls have a local per user store we can use for this?
>>
>
> No need for this, you can always add (or remove) any CAs root
> certificate, see tls-checktrust docstring for examples on how to
> configure a specific root-cert collection. (and of cause the
> documentation for gnutls for further details.)
>
How does the docstring of tls-checktrust solve the problem? There is no
convenient UI for trusting individual server certificates, independantly
of the CA that issued them (many servers I use have self-signed
certificates). Telling the user to sort out their configuration outside
of Emacs is not an acceptable substitute. Emacs users should not have to
become experts in gnutls configuration merely to use an SSL enabled mail
server.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Default value of tls-checktrust should be 'ask
2008-04-08 11:08 ` Jason Rumney
@ 2008-04-08 13:04 ` Sascha Wilde
0 siblings, 0 replies; 5+ messages in thread
From: Sascha Wilde @ 2008-04-08 13:04 UTC (permalink / raw)
To: Jason Rumney; +Cc: emacs-devel
Jason Rumney <jasonr@gnu.org> wrote:
> Sascha Wilde wrote:
>>> We should also provide an easy way to insert the certificate into a
>>> local trust store (ie 'ask will allow "always" and "never" as well as
>>> "yes" and "no" answers) , to give the power over who to trust back to
>>> the users, rather than allowing companies like Verisign to monopolise
>>> it. Does gnutls have a local per user store we can use for this?
>>
>> No need for this, you can always add (or remove) any CAs root
>> certificate, see tls-checktrust docstring for examples on how to
>> configure a specific root-cert collection. (and of cause the
>> documentation for gnutls for further details.)
>
> How does the docstring of tls-checktrust solve the problem? There is
> no convenient UI for trusting individual server certificates,
I agree that an UI for managing trusted (root)certificates would be
convenient. But to implement it will need some serious afford.
Anyway its orthogonal to the default value of tls-checktrust which IMO
should be changed even if it means that the new default is a bit less
convenient, because the current default is dangerous.
sascha
--
Sascha Wilde
Hi! I'm a .signature *virus*! Copy me into your ~/.signature to help me spread!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2008-04-08 13:04 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-04-08 9:05 Default value of tls-checktrust should be 'ask Sascha Wilde
2008-04-08 9:19 ` Jason Rumney
2008-04-08 10:55 ` Sascha Wilde
2008-04-08 11:08 ` Jason Rumney
2008-04-08 13:04 ` Sascha Wilde
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.