[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: What level to put STARTTLS certificates
From: |
Ted Zlatanov |
Subject: |
Re: What level to put STARTTLS certificates |
Date: |
Wed, 15 Jun 2011 22:43:57 -0500 |
User-agent: |
Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) |
On Wed, 15 Jun 2011 23:25:09 +0200 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Ted Zlatanov <address@hidden> writes:
>> Why do you need a file: prefix? It should only work with local files
>> (we pass the file names in `gnutls-boot' to GnuTLS with
>> `gnutls_certificate_set_x509_key_file' so remote files can't work). We
>> could support inlined certificates I guess, but it seems like it's
>> better to assume the token is a file name and extend it later. It's by
>> far the most common case and the only one gnutls.c supports right now.
LMI> So you could say "password file:~/.foo" if you wanted to, if you (say)
LMI> had some kind of system that generated passwords per Emacs session or
LMI> something.
LMI> So adding a file: name space would make it possible to extend the format
LMI> unambiguously if something like that would be useful. But it would
LMI> probably not be useful. :-)
Let's default it to a file name, I think that's simplest and most
standard. We can use a different key (tls-inline-key and
tls-inline-cert) for inlining, and even tls-key-provider and
tls-cert-provider for external programs. No need for a new URL scheme,
especially since the Emacs file handlers already do a million things
with a file name.
Ted