[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What level to put STARTTLS certificates

From: Ted Zlatanov
Subject: Re: What level to put STARTTLS certificates
Date: Wed, 15 Jun 2011 22:43:57 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

On Wed, 15 Jun 2011 23:25:09 +0200 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Ted Zlatanov <address@hidden> writes:
>> Why do you need a file: prefix?  It should only work with local files
>> (we pass the file names in `gnutls-boot' to GnuTLS with
>> `gnutls_certificate_set_x509_key_file' so remote files can't work).  We
>> could support inlined certificates I guess, but it seems like it's
>> better to assume the token is a file name and extend it later.  It's by
>> far the most common case and the only one gnutls.c supports right now.

LMI> So you could say "password file:~/.foo" if you wanted to, if you (say)
LMI> had some kind of system that generated passwords per Emacs session or
LMI> something.

LMI> So adding a file: name space would make it possible to extend the format
LMI> unambiguously if something like that would be useful.  But it would
LMI> probably not be useful.  :-)

Let's default it to a file name, I think that's simplest and most
standard.  We can use a different key (tls-inline-key and
tls-inline-cert) for inlining, and even tls-key-provider and
tls-cert-provider for external programs.  No need for a new URL scheme,
especially since the Emacs file handlers already do a million things
with a file name.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]