From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: NSM certificate prompt
Date: Sat, 13 Dec 2014 22:06:55 +0200
Message-ID: <83r3w348m8.fsf@gnu.org>
References: <83a92r625n.fsf@gnu.org> <87wq5vefiz.fsf@gmx.de> <83388j5wrs.fsf@gnu.org> <87mw6reaxu.fsf@gmx.de> <83y4qb4eeg.fsf@gnu.org> <83vblf4b2p.fsf@gnu.org> <87r3w3z60b.fsf@lifelogs.com>
To: emacs-devel@gnu.org
In-reply-to: <87r3w3z60b.fsf@lifelogs.com>
Xref: news.gmane.org gmane.emacs.devel:180037

> From: Ted Zlatanov
> Date: Sat, 13 Dec 2014 14:47:32 -0500
>
> I'd make it the default, but through the trustfiles list: if the symbol
> 'system is found in the list, we load the system trust. And that's the
> default. But the user can add their own trustfiles, as they do now.

What would be the reason for the user to remove 'system from the list? If a user is somehow not happy about system trust data, she should customize her system (if she is authorized), not Emacs. E.g., add a list of blacklisted certificates, remove certificates from the bundle, etc.

> EZ> What about Posix systems -- won't calling
> EZ> gnutls_certificate_set_x509_system_trust remove the need to load
> EZ> gnutls-trustfiles explicitly for every TLS connection?
>
> I think the user should be able to customize the trustfiles so the two
> are not exclusive.

To add certificates, I agree. But to remove certificates through Emacs? That sounds backwards to me.

> I don't know about once-per-connection either, is that a GnuTLS
> feature with gnutls_certificate_set_x509_system_trust()?

No, I meant that we do this inside gnutls-boot, which AFAIU is invoked for each new TLS connection.
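As an added example (not code from the thread or from Emacs itself), this is one way the proposed `'system` entry in the trustfiles list could be resolved on the Lisp side before the result is handed to gnutls-boot; every `my-` name is hypothetical, the returned plist shape is an assumption, and the sample list is constructed.

```elisp
;; Added example, not code from Emacs or from the thread's authors.
;; Assumed design (from the proposal above): the trustfiles list may contain
;; the symbol `system', meaning "use the OS trust store via
;; gnutls_certificate_set_x509_system_trust", plus file names or wildcards.
;; The resolver is hypothetical; its plist is what a caller would merge into
;; the gnutls-boot property list.

(defvar my-gnutls-trustfiles
  '(system "/etc/ssl/certs/ca-certificates.crt" "~/.local/share/my-ca/*.pem")
  "Constructed sample value mirroring the proposed default.")

(defun my-gnutls-resolve-trustfiles (trustfiles)
  "Split TRUSTFILES into a system-trust flag and the files that exist.
Return a plist (:system-trust BOOL :trustfiles FILES :missing MISSING).
Wildcards are expanded; entries that match nothing are reported under
:missing instead of being silently dropped, so a misconfigured path
is visible rather than quietly weakening verification."
  (let (files missing system-trust)
    (dolist (entry trustfiles)
      (cond
       ((eq entry 'system) (setq system-trust t))
       ((stringp entry)
        ;; `file-expand-wildcards' returns nil when nothing matches.
        (let ((matches (file-expand-wildcards (expand-file-name entry) t)))
          (if matches
              (setq files (nconc files matches))
            (push entry missing))))
       (t (error "Bad trustfiles entry: %S" entry))))
    (list :system-trust system-trust
          :trustfiles files
          :missing (nreverse missing))))

(defun my-gnutls-check-trust-config (trustfiles)
  "Resolve TRUSTFILES and warn when no trust anchor would be loaded at all.
A connection with neither system trust nor any trust file cannot verify
any peer certificate, so this is the case worth surfacing to the user."
  (let ((resolved (my-gnutls-resolve-trustfiles trustfiles)))
    (when (plist-get resolved :missing)
      (message "gnutls: no match for trustfile entries %S"
               (plist-get resolved :missing)))
    (unless (or (plist-get resolved :system-trust)
                (plist-get resolved :trustfiles))
      (warn "gnutls: no trust anchors configured; verification cannot succeed"))
    resolved))

;; Usage: (my-gnutls-check-trust-config my-gnutls-trustfiles)
```

Because the resolution happens before gnutls-boot is called, the same resolved plist can be computed once and reused for every connection instead of re-reading the trust files each time.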