From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.comp.encryption.gpg.gnutls.devel,gmane.emacs.devel
Subject: Re: Emacs core TLS support
Date: Sun, 03 Oct 2010 22:42:43 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87iq1ihbd8.fsf@lifelogs.com>
References: <878wc1vfh3.fsf@lifelogs.com>
	<jwvbpgw1yp2.fsf-monnier+emacs@gnu.org> <87d41csktn.fsf@lifelogs.com>
	<87k4v0n0m8.fsf@lifelogs.com> <87wrrvfnc4.fsf@lifelogs.com>
	<m3zkwqhixi.fsf@carbon.jhcloos.org> <87r5i2d00q.fsf@lifelogs.com>
	<87zkwqijye.fsf@stupidchicken.com> <878w4actmg.fsf@lifelogs.com>
	<877hju123h.fsf@stupidchicken.com> <8762yklrdk.fsf@lifelogs.com>
	<jwvlj7fg7gk.fsf-monnier+emacs@gnu.org> <87wrqzhrjv.fsf@lifelogs.com>
	<jwvmxruehco.fsf-monnier+emacs@gnu.org> <87fwxmihyz.fsf@lifelogs.com>
	<8762ycfhqo.fsf@lifelogs.com>
	<AANLkTim_joNAMDoUACseNbTwVEn6dOAexWzb7PKML7K2@mail.gmail.com>
	<87d3sf9soo.fsf@lifelogs.com> <87eicn2upl.fsf@mocca.josefsson.org>
	<87k4m92fuq.fsf@lifelogs.com> <87sk0rbkz5.fsf@mocca.josefsson.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1286163783 6005 80.91.229.12 (4 Oct 2010 03:43:03 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Mon, 4 Oct 2010 03:43:03 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: gnutls-devel@gnu.org
Original-X-From: gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org Mon Oct 04 05:43:02 2010
Return-path: <gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org>
Envelope-to: pgp-gnutls-dev@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org>)
	id 1P2bx7-0007Df-Fk
	for pgp-gnutls-dev@m.gmane.org; Mon, 04 Oct 2010 05:43:01 +0200
Original-Received: from localhost ([127.0.0.1]:44056 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1P2bx6-0000zI-PO
	for pgp-gnutls-dev@m.gmane.org; Sun, 03 Oct 2010 23:43:00 -0400
Original-Received: from [140.186.70.92] (port=40409 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1P2bx3-0000yz-6F
	for gnutls-devel@gnu.org; Sun, 03 Oct 2010 23:42:58 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pgp-gnutls-dev@m.gmane.org>) id 1P2bx1-00080Y-Tb
	for gnutls-devel@gnu.org; Sun, 03 Oct 2010 23:42:57 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:32840)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pgp-gnutls-dev@m.gmane.org>) id 1P2bx1-00080Q-IX
	for gnutls-devel@gnu.org; Sun, 03 Oct 2010 23:42:55 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <pgp-gnutls-dev@m.gmane.org>) id 1P2bwz-0007Bi-Od
	for gnutls-devel@gnu.org; Mon, 04 Oct 2010 05:42:53 +0200
Original-Received: from c-24-14-16-248.hsd1.il.comcast.net ([24.14.16.248])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <gnutls-devel@gnu.org>; Mon, 04 Oct 2010 05:42:53 +0200
Original-Received: from tzz by c-24-14-16-248.hsd1.il.comcast.net with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <gnutls-devel@gnu.org>; Mon, 04 Oct 2010 05:42:53 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 41
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: c-24-14-16-248.hsd1.il.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:mY19XsVKHGkb8Mbv5sWkZX2iDCo=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-BeenThere: gnutls-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GnuTLS development discussions <gnutls-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/gnutls-devel>,
	<mailto:gnutls-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/gnutls-devel>
List-Post: <mailto:gnutls-devel@gnu.org>
List-Help: <mailto:gnutls-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/gnutls-devel>,
	<mailto:gnutls-devel-request@gnu.org?subject=subscribe>
Original-Sender: gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org
Errors-To: gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.comp.encryption.gpg.gnutls.devel:4593 gmane.emacs.devel:131312
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/131312>

On Thu, 30 Sep 2010 12:10:22 +0200 Simon Josefsson <simon@josefsson.org> wrote: 

SJ> Ted Zlatanov <tzz@lifelogs.com> writes:
>>>> +PRIORITY-STRING is as per the GnuTLS docs.
>> 
SJ> Maybe there could be an info hyperlink here?
SJ> I was thinking to the Info manual.  Just a nit...

Generally I don't see Info links in the function docstrings.  It's
common to link to other functions, but I don't know about Info links.
Maybe someone more knowledgeable can say.

It's pretty unusual to use a priority string other than the default of
"NORMAL", right?  I think if we provide decent defaults, this will
rarely need to be checked and so it's not too important to provide live
links to a manual.

SJ> 2) The design makes it a bit difficult to support multiple
SJ> credentials.  The GnuTLS API allows clients to have several
SJ> credentials (X.509, OpenPGP, etc).

Do you think it's sensible to add the complexity of multiple
credentials?  It would make the current API much heavier.  Right now we
just have a credential type (anon or X.509) and a few options for
trust/keyfiles, etc.  Stacking multiple credentials could maybe work by
passing multiple plists, each with its own type, instead of just one, to
gnutls-boot.  But is that really a common scenario for a client?

>> As I mentioned earlier I think GnuTLS should consider further
>> extending the idea of priority strings to a full configuration
>> (credentials especially) in a single string or file.  That would make
>> using it so much easier from Emacs Lisp.

SJ> Hm.  Interesting, yes, it could do that.  I'm not sure it makes sense to
SJ> support at the C layer, but I'll think about it.

Thanks.  That would be very nice for talking to GnuTLS not only from
Emacs, but from Perl and other scripting languages and even from the
shell as well.

Ted