From: Eli Zaretskii <eliz@gnu.org>
To: emacs-devel@gnu.org
Subject: Re: NSM certificate prompt
Date: Sat, 13 Dec 2014 22:06:55 +0200
Message-ID: <83r3w348m8.fsf@gnu.org>
In-Reply-To: <87r3w3z60b.fsf@lifelogs.com>

> From: Ted Zlatanov <tzz@lifelogs.com>
> Date: Sat, 13 Dec 2014 14:47:32 -0500
>
> I'd make it the default, but through the trustfiles list: if the symbol
> 'system is found in the list, we load the system trust. And that's the
> default. But the user can add their own trustfiles, as they do now.

What would be the reason for the user to remove 'system from the list?
If a user is somehow not happy about system trust data, she should
customize her system (if she is authorized), not Emacs. E.g., add a
list of blacklisted certificates, remove certificates from the bundle,
etc.

> EZ> What about Posix systems -- won't calling
> EZ> gnutls_certificate_set_x509_system_trust remove the need to load
> EZ> gnutls-trustfiles explicitly for every TLS connection?
>
> I think the user should be able to customize the trustfiles so the two
> are not exclusive.

To add certificates, I agree. But to remove certificates through
Emacs? That sounds backwards to me.

> I don't know about once-per-connection either, is that a GnuTLS
> feature with gnutls_certificate_set_x509_system_trust()?

No, I meant that we do this inside gnutls-boot, which AFAIU is invoked
for each new TLS connection.