[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#13374: 24.?; open-gnutls-stream insecurity
|
From: |
Glenn Morris |
|
Subject: |
bug#13374: 24.?; open-gnutls-stream insecurity |
|
Date: |
Mon, 07 Jan 2013 23:27:23 -0500 |
|
User-agent: |
Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Lars Magne Ingebrigtsen wrote:
> Well, the issue is what we do when we get a certificate we can't
> validate.
>
> The traditional thing to do is to query the user for whether to connect
> anyway, and whether to record a permanent exception for that
> certificate.
>
> The code to do that hasn't been written yet.
>
> It's very common for SMTP and IMAP servers to use self-signed
> certificates, so just forcing ":validate t" for all connections would
> essentially mean that Emacs would be unusable for reading/sending email
> (using encryption) before that code has been written.
Ah well, ok, thanks for the explanation. It sounds then like it's
probably better to leave this for trunk rather than try and force it
into 24.3 at this relatively late stage.
- bug#13374: 24.?; open-gnutls-stream insecurity, Oleksii Shevchuk, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Glenn Morris, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Lars Magne Ingebrigtsen, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity,
Glenn Morris <=
- bug#13374: 24.?; open-gnutls-stream insecurity, Lars Magne Ingebrigtsen, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Ted Zlatanov, 2013/01/08
- bug#13374: 24.?; open-gnutls-stream insecurity, Lars Magne Ingebrigtsen, 2013/01/08
- bug#13374: 24.?; open-gnutls-stream insecurity, Ted Zlatanov, 2013/01/08
- bug#13374: 24.?; open-gnutls-stream insecurity, Stefan Monnier, 2013/01/08