|
| From: | Jason Rumney |
| Subject: | Re: Default value of tls-checktrust should be 'ask |
| Date: | Tue, 08 Apr 2008 12:08:09 +0100 |
| User-agent: | Thunderbird 2.0.0.12 (Windows/20080213) |
Sascha Wilde wrote:
Jason Rumney <address@hidden> wrote:We should also provide an easy way to insert the certificate into a local trust store (ie 'ask will allow "always" and "never" as well as "yes" and "no" answers) , to give the power over who to trust back to the users, rather than allowing companies like Verisign to monopolise it. Does gnutls have a local per user store we can use for this?No need for this, you can always add (or remove) any CAs root certificate, see tls-checktrust docstring for examples on how to configure a specific root-cert collection. (and of cause the documentation for gnutls for further details.)
How does the docstring of tls-checktrust solve the problem? There is no convenient UI for trusting individual server certificates, independantly of the CA that issued them (many servers I use have self-signed certificates). Telling the user to sort out their configuration outside of Emacs is not an acceptable substitute. Emacs users should not have to become experts in gnutls configuration merely to use an SSL enabled mail server.
| [Prev in Thread] | Current Thread | [Next in Thread] |