From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: GnuTLS C support for nsm.el
Date: Fri, 11 Nov 2016 12:30:07 -0500
Message-ID: <87twbd3oww.fsf@lifelogs.com>
To: emacs-devel@gnu.org

Since 3.0.13, GnuTLS has gnutls_verify_stored_pubkey() and
gnutls_store_pubkey() according to
https://www.gnutls.org/manual/html_node/Certificate-verification.html
which can replace a good chunk of the code in nsm.el and move it down
the stack. The UI is similar to the typical SSH hostkey acceptance.

By default these use ~/.gnutls/known_hosts but Emacs could override the
backend storage function to use the ~/.emacs.d/network-security.data
file.

I am neutral about this, but wanted to bring it up for discussion. Does
anyone think this GnuTLS facility is valuable enough to start using it,
or should we keep nsm.el the way it is, Emacs Lisp only? Lars?

Thanks
Ted
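
A self-contained C model of the SSH-style accept-and-pin flow the message describes, added here as an example; it is not code from the message, from GnuTLS or from nsm.el. The `tofu_*` names, the in-memory store and the sample peer are assumptions; the real functions additionally take a database name, a `gnutls_tdb_t` storage backend and the certificate as a `gnutls_datum_t`.

```c
#include <string.h>

/* Outcomes modelled on gnutls_verify_stored_pubkey(): 0 on a match,
   GNUTLS_E_NO_CERTIFICATE_FOUND, GNUTLS_E_CERTIFICATE_KEY_MISMATCH. */
enum { TOFU_OK = 0, TOFU_NO_ENTRY = -1, TOFU_KEY_MISMATCH = -2, TOFU_ERR = -3 };

/* Hypothetical in-memory pin store standing in for ~/.gnutls/known_hosts
   or network-security.data; entries are keyed on (host, service). */
struct pin { char host[64], svc[16]; unsigned char key[64]; size_t len; };
struct peer { const char *host, *svc; const unsigned char *key; size_t len; };
static struct pin pins[16]; static size_t n_pins;

static struct pin *find_pin(const struct peer *q) {
    for (size_t i = 0; i < n_pins; i++)
        if (!strcmp(pins[i].host, q->host) && !strcmp(pins[i].svc, q->svc))
            return &pins[i];
    return NULL;
}

/* Verify step: compare the presented public key with the pinned one. */
int tofu_verify(const struct peer *q) {
    const struct pin *p = find_pin(q);
    if (!p) return TOFU_NO_ENTRY;
    int same = p->len == q->len && !memcmp(p->key, q->key, q->len);
    return same ? TOFU_OK : TOFU_KEY_MISMATCH;
}

/* Store step: record (or replace) the pin for a key the user accepted. */
int tofu_store(const struct peer *q) {
    struct pin *p = find_pin(q);
    if (q->len > sizeof p->key || strlen(q->host) >= sizeof p->host ||
        strlen(q->svc) >= sizeof p->svc) return TOFU_ERR;
    if (!p && n_pins == sizeof pins / sizeof pins[0]) return TOFU_ERR;
    if (!p) p = &pins[n_pins++];
    strcpy(p->host, q->host); strcpy(p->svc, q->svc);
    memcpy(p->key, q->key, q->len); p->len = q->len;
    return TOFU_OK;
}

/* Policy: pin on first contact only if the user accepts; a changed key is
   returned to the caller as a mismatch and never silently re-pinned. */
int tofu_check(const struct peer *q, int user_accepts) {
    int r = tofu_verify(q);
    return (r == TOFU_NO_ENTRY && user_accepts) ? tofu_store(q) : r;
}

int main(void) {   /* constructed sample peer */
    struct peer a = {"mail.example.org", "993", (const unsigned char *)"key-A", 5};
    return tofu_check(&a, 1) == TOFU_OK && tofu_check(&a, 0) == TOFU_OK ? 0 : 1;
}
```

The mismatch branch is the one that matters for a caller such as nsm.el: replacing a pin is a separate, explicit `tofu_store()` after the user has seen the warning, never a side effect of the check.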