|
From: | Jason Rumney |
Subject: | Re: Default value of tls-checktrust should be 'ask |
Date: | Tue, 08 Apr 2008 10:19:51 +0100 |
User-agent: | Thunderbird 2.0.0.12 (Windows/20080213) |
Sascha Wilde wrote:
the subject says it all. ;-) The current default is nil, which means that server certificates are not checked which is a bad thing. Not checking the certificate means, that SSL/TLS connections, which are supposed to be "save" (and most users will believe they are) are really not trustworthy.
We should also provide an easy way to insert the certificate into a local trust store (ie 'ask will allow "always" and "never" as well as "yes" and "no" answers) , to give the power over who to trust back to the users, rather than allowing companies like Verisign to monopolise it. Does gnutls have a local per user store we can use for this?
[Prev in Thread] | Current Thread | [Next in Thread] |