What level to put STARTTLS certificates

What level to put STARTTLS certificates

[Lars Magne Ingebrigtsen]

I've started rewriting the TLS/auth stuff in smtpmail.el.

Today smtpmail has the following variable:

;;(setq smtpmail-starttls-credentials
;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))

But it strikes me that this is probably on the totally wrong level.  I
mean, any TLS connection can have user keys/certs connected to them, so
it seems to me that the right level to control this is on the
network-stream.el level, and not on the
smtpmail.el/pop3.el/nntp.el/imap.el level.

So I think I'll get rid of that variable, and put this stuff into
network-stream.el instead.

This won't be backwards-compatible, but should be easy for the (few)
users to fix up themselves.

I'm thinking the right place to stash this is in ~/.authinfo, since
these are credentials.  The format will be

machine smtp.gmail.com port 587 tls-key file:~/.my_smtp_tls.key tls-cert file:~/.my_smtp_tls.cert

Any objections?

Also, since I'm away Friday to Monday, I won't be committing any of this
stuff until Tuesday, when I can be more responsive to complaints about
missing bugs in the new code.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

Re: What level to put STARTTLS certificates

[Ted Zlatanov]

On Wed, 15 Jun 2011 20:29:28 +0200 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> ;;(setq smtpmail-starttls-credentials
LMI> ;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))

LMI> But it strikes me that this is probably on the totally wrong level.  I
LMI> mean, any TLS connection can have user keys/certs connected to them, so
LMI> it seems to me that the right level to control this is on the
LMI> network-stream.el level, and not on the
LMI> smtpmail.el/pop3.el/nntp.el/imap.el level.

LMI> So I think I'll get rid of that variable, and put this stuff into
LMI> network-stream.el instead.

Cool.

LMI> I'm thinking the right place to stash this is in ~/.authinfo, since
LMI> these are credentials.  The format will be

LMI> machine smtp.gmail.com port 587 tls-key file:~/.my_smtp_tls.key tls-cert file:~/.my_smtp_tls.cert

LMI> Any objections?

Why do you need a file: prefix?  It should only work with local files
(we pass the file names in `gnutls-boot' to GnuTLS with
`gnutls_certificate_set_x509_key_file' so remote files can't work).  We
could support inlined certificates I guess, but it seems like it's
better to assume the token is a file name and extend it later.  It's by
far the most common case and the only one gnutls.c supports right now.

Looks good otherwise.

Ted

Re: What level to put STARTTLS certificates

[Lars Magne Ingebrigtsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> Why do you need a file: prefix?  It should only work with local files
> (we pass the file names in `gnutls-boot' to GnuTLS with
> `gnutls_certificate_set_x509_key_file' so remote files can't work).  We
> could support inlined certificates I guess, but it seems like it's
> better to assume the token is a file name and extend it later.  It's by
> far the most common case and the only one gnutls.c supports right now.

It's probably over-engineering.  I was thinking that perhaps, possibly,
it would make sense to allow any credential to be either gpg:, file: or
nothing, which would be the literal string.

So you could say "password file:~/.foo" if you wanted to, if you (say)
had some kind of system that generated passwords per Emacs session or
something.

So adding a file: name space would make it possible to extend the format
unambiguously if something like that would be useful.  But it would
probably not be useful.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

Re: What level to put STARTTLS certificates

[Ted Zlatanov]

On Wed, 15 Jun 2011 23:25:09 +0200 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> Ted Zlatanov <tzz@lifelogs.com> writes:
>> Why do you need a file: prefix?  It should only work with local files
>> (we pass the file names in `gnutls-boot' to GnuTLS with
>> `gnutls_certificate_set_x509_key_file' so remote files can't work).  We
>> could support inlined certificates I guess, but it seems like it's
>> better to assume the token is a file name and extend it later.  It's by
>> far the most common case and the only one gnutls.c supports right now.

LMI> So you could say "password file:~/.foo" if you wanted to, if you (say)
LMI> had some kind of system that generated passwords per Emacs session or
LMI> something.

LMI> So adding a file: name space would make it possible to extend the format
LMI> unambiguously if something like that would be useful.  But it would
LMI> probably not be useful.  :-)

Let's default it to a file name, I think that's simplest and most
standard.  We can use a different key (tls-inline-key and
tls-inline-cert) for inlining, and even tls-key-provider and
tls-cert-provider for external programs.  No need for a new URL scheme,
especially since the Emacs file handlers already do a million things
with a file name.

Ted

Re: What level to put STARTTLS certificates

[Lars Magne Ingebrigtsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> Let's default it to a file name, I think that's simplest and most
> standard.

Sure.

Does anybody have a handy recipe for setting up SMTP client certificates
and stuff, by any chance?  I hate implementing stuff that I can't
test...

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/