Default value of tls-checktrust should be 'ask

Default value of tls-checktrust should be 'ask

[Sascha Wilde]

the subject says it all.  ;-)

The current default is nil, which means that server certificates are not
checked which is a bad thing.  Not checking the certificate means, that
SSL/TLS connections, which are supposed to be "save" (and most users
will believe they are) are really not trustworthy.

cheers
sascha
-- 
Sascha Wilde
Hauptfunktion einer GUI ist es IMHO, die dadurch verlorene Zeit durch
einen höheren Spaß-Faktor zu kompensieren. Essentiell ein
Computerspiel.  --  Rainer Weikusat in d.c.o.u.d

Re: Default value of tls-checktrust should be 'ask

[Jason Rumney]

Sascha Wilde wrote:

> the subject says it all.  ;-)
>
> The current default is nil, which means that server certificates are not
> checked which is a bad thing.  Not checking the certificate means, that
> SSL/TLS connections, which are supposed to be "save" (and most users
> will believe they are) are really not trustworthy.
>   

We should also provide an easy way to insert the certificate into a 
local trust store (ie 'ask will allow "always" and "never" as well as 
"yes" and "no" answers) , to give the power over who to trust back to 
the users, rather than allowing companies like Verisign to monopolise 
it. Does gnutls have a local per user store we can use for this?

Re: Default value of tls-checktrust should be 'ask

[Sascha Wilde]

Jason Rumney <jasonr@gnu.org> wrote:

> We should also provide an easy way to insert the certificate into a
> local trust store (ie 'ask will allow "always" and "never" as well as
> "yes" and "no" answers) , to give the power over who to trust back to
> the users, rather than allowing companies like Verisign to monopolise
> it. Does gnutls have a local per user store we can use for this?

No need for this, you can always add (or remove) any CAs root
certificate, see tls-checktrust docstring for examples on how to
configure a specific root-cert collection.  (and of cause the
documentation for gnutls for further details.)

cheers
sascha
-- 
Sascha Wilde
God put me on earth to accomplish a certain number of things.
Right now I am so far behind I will never die.
                       -- Bill Waterson, Calvin and Hobbes

Re: Default value of tls-checktrust should be 'ask

[Jason Rumney]

Sascha Wilde wrote:
> Jason Rumney <jasonr@gnu.org> wrote:
>   
>> We should also provide an easy way to insert the certificate into a
>> local trust store (ie 'ask will allow "always" and "never" as well as
>> "yes" and "no" answers) , to give the power over who to trust back to
>> the users, rather than allowing companies like Verisign to monopolise
>> it. Does gnutls have a local per user store we can use for this?
>>     
>
> No need for this, you can always add (or remove) any CAs root
> certificate, see tls-checktrust docstring for examples on how to
> configure a specific root-cert collection.  (and of cause the
> documentation for gnutls for further details.)
>   

How does the docstring of tls-checktrust solve the problem? There is no 
convenient UI for trusting individual server certificates, independantly 
of the CA that issued them (many servers I use have self-signed 
certificates). Telling the user to sort out their configuration outside 
of Emacs is not an acceptable substitute. Emacs users should not have to 
become experts in gnutls configuration merely to use an SSL enabled mail 
server.

Re: Default value of tls-checktrust should be 'ask

[Sascha Wilde]

Jason Rumney <jasonr@gnu.org> wrote:
> Sascha Wilde wrote:
>>> We should also provide an easy way to insert the certificate into a
>>> local trust store (ie 'ask will allow "always" and "never" as well as
>>> "yes" and "no" answers) , to give the power over who to trust back to
>>> the users, rather than allowing companies like Verisign to monopolise
>>> it. Does gnutls have a local per user store we can use for this?
>>
>> No need for this, you can always add (or remove) any CAs root
>> certificate, see tls-checktrust docstring for examples on how to
>> configure a specific root-cert collection.  (and of cause the
>> documentation for gnutls for further details.)
>
> How does the docstring of tls-checktrust solve the problem? There is
> no convenient UI for trusting individual server certificates,

I agree that an UI for managing trusted (root)certificates would be
convenient.  But to implement it will need some serious afford.

Anyway its orthogonal to the default value of tls-checktrust which IMO
should be changed even if it means that the new default is a bit less
convenient, because the current default is dangerous.

sascha
-- 
Sascha Wilde 
Hi! I'm a .signature *virus*! Copy me into your ~/.signature to help me spread!