emacs-devel

Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.


From: Eli Zaretskii
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 16:17:10 +0300

> From: Lars Magne Ingebrigtsen <address@hidden>
> Cc: address@hidden,  address@hidden,  address@hidden
> Date: Wed, 08 Oct 2014 15:06:52 +0200
> 
> Eli Zaretskii <address@hidden> writes:
> 
> > How can it return a valid descriptor without all the validations it
> > does before that, which (AFAIU) you want to delegate to Lisp now?
> 
> It would validate the certificate, but never drop the connection even if
> the certificate is invalid.  It would be up to `open-network-stream' to
> close the connection if the user decides to not accept the invalid (or
> self-signed) certificate.

So you want to return a descriptor for a connection that failed
certificate validation, and let the application handle that?  That
could work, but I don't know what security-wary people here will say
about keeping such connections.


