From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 11:45:02 -0400 [thread overview]
Message-ID: <m238ay4lc1.fsf@lifelogs.com> (raw)
In-Reply-To: 87tx3emvwv.fsf@alrua-karlstad.karlstad.toke.dk
On Wed, 08 Oct 2014 17:19:12 +0200 Toke Høiland-Jørgensen <toke@toke.dk> wrote:
TH> Ted Zlatanov <tzz@lifelogs.com> writes:
>> I like the simplicity of it. It would be nice to do this inside Emacs
>> itself (it's OK if it requires some kind of `emacs --batch' call,
>> doesn't have to be immediate). Either way, the errors should tell us
>> specifically what to run from the command line in these two cases:
TH> I have an updated version where I split out the parameters into
TH> :tofu-strict and :tofu-auto, where the latter will automatically add a
TH> certificate that hasn't been seen before (and fail on mismatch only).
TH> This might be more suitable to have turned out by default.
That's very good.
TH> Removing things from the key store has to be done manually, though; but
TH> that goes for gnutls-cli as well (and even for ssh).
The certificate management UI will take care of that.
>> I think so. But Emacs creates a Emacs-specific homedir for the GnuPG
>> keychain, for verification of the package archives, in
>> `~/.emacs.d/gnupg' which is an equally valid approach. So I don't have
>> a strong opinion.
>>
>> What's the drawback of having a dedicated Emacs store? Do any other
>> programs besides `gnutls-cli` use the global GnuTLS store?
TH> Well, any programs that use gnutls and pass NULL as the trust store will
TH> share the site default. Using this also has the nice side effect of not
TH> having to come up with a portable way to find a suitable file name (I'm
TH> sure this is solved elsewhere in the emacs code but it saved me from
TH> going looking ;)).
Emacs has this function already, e.g. `(locate-user-emacs-file "certs")'
I think it's better to make the store private than shared by default, so
I'd just give the user the choice to use nil (translated to NULL in C).
>> I think that's pretty tricky with GnuTLS because it expects all the
>> validations to be C callbacks and just hands off the connection at the
>> end. You're not supposed to interact with the session during the
>> validation, IIUC. So it will probably require two attempts.
TH> Noted. I checked what gnutls-cli does (by way of packet dumps), and it
TH> seems to keep the connection open, presumably in the middle of the
TH> handshake, while waiting for the user to decide whether to trust it. So
TH> presumably something similar could be done by Emacs, and I think it's
TH> more a matter of whether or not it's possible to call back up into lisp
TH> from this part of the code.
That would be great, please see how far you get with the exploration.
Your contribution is already very useful so I am excited to see it evolve.
>> Yes, that would be nice and clean. They can simply be attached as
>> symbol properties to the error. Maybe you can adjust
>> `gnutls_make_error'?
TH> I will look into it. I'm out of time to hack on this for a while, so for
TH> now I'll just resubmit the patch with the changes noted above, and then
TH> return to this at a later date (heh, famous last words).
OK; Lars and I will probably work on it as well as time allows in order
to get something into trunk.
Ted
next prev parent reply other threads:[~2014-10-08 15:45 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-07 21:16 [PATCH RFC] GnuTLS: Support TOFU certificate checking Toke Høiland-Jørgensen
2014-10-07 21:35 ` Lars Magne Ingebrigtsen
2014-10-07 21:55 ` Toke Høiland-Jørgensen
2014-10-08 11:53 ` Lars Magne Ingebrigtsen
2014-10-08 11:58 ` Lars Magne Ingebrigtsen
2014-10-08 12:10 ` Toke Høiland-Jørgensen
2014-10-08 12:18 ` Lars Magne Ingebrigtsen
2014-10-08 12:39 ` Toke Høiland-Jørgensen
2014-10-08 12:42 ` Lars Magne Ingebrigtsen
2014-10-08 12:53 ` Eli Zaretskii
2014-10-08 12:56 ` Lars Magne Ingebrigtsen
2014-10-08 13:03 ` Eli Zaretskii
2014-10-08 13:06 ` Lars Magne Ingebrigtsen
2014-10-08 13:17 ` Eli Zaretskii
2014-10-08 13:25 ` Lars Magne Ingebrigtsen
2014-10-08 13:38 ` Eli Zaretskii
2014-10-08 13:47 ` Lars Magne Ingebrigtsen
2014-10-08 13:59 ` Toke Høiland-Jørgensen
2014-10-08 14:05 ` Lars Magne Ingebrigtsen
2014-10-08 14:01 ` Eli Zaretskii
2014-10-08 14:09 ` Lars Magne Ingebrigtsen
2014-10-08 14:11 ` Eli Zaretskii
2014-10-08 14:56 ` Ted Zlatanov
2014-10-08 15:31 ` Lars Magne Ingebrigtsen
2014-10-08 15:37 ` Ted Zlatanov
2014-10-09 2:43 ` Stephen J. Turnbull
2014-10-09 13:17 ` Ted Zlatanov
2014-10-08 13:28 ` Toke Høiland-Jørgensen
2014-10-08 14:52 ` Ted Zlatanov
2014-10-08 15:19 ` Toke Høiland-Jørgensen
2014-10-08 15:45 ` Ted Zlatanov [this message]
2014-10-08 16:09 ` Toke Høiland-Jørgensen
2014-10-08 16:52 ` Lars Magne Ingebrigtsen
2014-10-08 17:07 ` Toke Høiland-Jørgensen
2014-10-09 13:10 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m238ay4lc1.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.