emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnus/starttls.el and net/tls.el

From: Simon Josefsson
Subject: Re: gnus/starttls.el and net/tls.el
Date: Thu, 15 Nov 2007 15:20:35 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) 
Richard Stallman <address@hidden> writes:

>     tls.el starts talking TLS to the server directly.  starttls.el, however,
>     does not begin talking TLS until the application calls
>     starttls-negotiate.  In other words, starttls.el allows an unencrypted
>     phase before the encrypted phase starts.
>
> Would it be hard to extend tls.el to provide a way to do this?

It would require some work, but it is possible.  (Alas, I don't think I
have time to do it.)

Semantically, the tls-package could be implemented via starttls.el by
calling the 'open' and then the 'negotiate' function.  However, tls.el
and starttls.el differ by supporting different external tools, so some
users may get upset if, e.g., the 'starttls' or 'OpenSSL' way stops
working.

I'm not sure I understand the reason though.  Is it to avoid having two
files?  If so, how about moving the code in starttls.el into tls.el?
That would make it easier to slowly re-factor the code to avoid code
duplication.  On the other hand, starttls.el is used by a couple of
packages already, which may break.

>     tls.el can use openssl and gnutls.  starttls.el can use gnutls and a
>     tool called 'starttls'.
>
> What is the point of `starttls'?  For what purpose is it useful
> to use that, rather than GNUtls?

Today, I don't think there is any reason, but I may be biased towards
favoring GnuTLS.  gnutls-cli didn't used to support starttls operations,
but it does today.  As far as I remember, 'starttls' doesn't verify
server certificates, so starttls may be considered insecure.

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]