Re: using GnuTLS 3.x and certificate checks
From: Christopher Schmidt
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Wed, 5 Jun 2013 16:59:37 +0100 (BST)
Ted Zlatanov <address@hidden> writes:
> CS> I think a verification mechanism should run unattended without
> CS> user interaction whatsoever. What's your use case for an
> CS> interactive verification snippet?
>
> TZ> How else could a user accept a previously unknown certificate?
>
> Ping? Any ideas?
I don't know. I don't think there is a common use case, though.
Those folks who set up their own verification or pinning mechanism in
favour of a ca-certificates.crt provided by the operating system usually
apply extra careful scrutiny and caution on all aspects of the
certificates. Accepting new certificates on-the-fly via interactive
minibuffer queries is not a good idea. I assume most folks would want
to abort the handshake and take a look at the full dump of all the certs
in the chain.
Check the screenshots of Certificate Patrol.
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
I, for one, don't need or want any interactive query in case
verification fails. A user-error or returning an error status is
enough. (I already implemented certificate pinning support by
substituting open-network-stream with my own implementation. If
verification fails, the certs received are printed to the
*Messages*-buffer and the connection is killed. My investigations
continue outside Emacs with the help of gnutls-cli --print-cert and
certtool. This system is easy to maintain, does not cause much trouble
and I don't have any complaints so far.)
Christopher
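The pinning setup Christopher describes, as an added example in Emacs Lisp that is neither his code nor part of Emacs: the TLS connection is opened, the peer's public-key id is compared against a stored pin, and on mismatch the received certificate is dumped to *Messages* and the process is deleted before any data is exchanged. It assumes Emacs 24.4 or later, where `gnutls-peer-status` returns a plist with a `:certificate` sub-plist carrying `:public-key-id` (and `:public-key-id-sha256` in newer builds); the `my-` names, the host and the pin value are constructed placeholders.

```elisp
;; Added example, not the poster's implementation.  Assumes Emacs 24.4+
;; with GnuTLS support and the `gnutls-peer-status' plist layout noted above.
(require 'gnutls)

(defvar my-pinned-public-key-ids
  '(("example.test" . "sha256:PLACEHOLDER-PIN-VALUE"))
  "Alist mapping host -> pinned public-key id.
The value is a constructed placeholder; record the real one from
`gnutls-cli --print-cert' / `certtool' over a channel you trust.")

(defun my-peer-public-key-id (status)
  "Return the public-key id of the peer certificate in STATUS.
Prefers the SHA-256 id when the running Emacs provides it."
  (let ((cert (plist-get status :certificate)))
    (or (plist-get cert :public-key-id-sha256)
        (plist-get cert :public-key-id))))

(defun my-pin-verified-p (host status)
  "Non-nil if the peer key in STATUS equals the pin stored for HOST.
An unknown HOST has no pin and therefore never verifies."
  (let ((pin (cdr (assoc host my-pinned-public-key-ids))))
    (and pin (equal pin (my-peer-public-key-id status)))))

(defun my-open-pinned-stream (name buffer host service)
  "Open a TLS stream to HOST:SERVICE and abort unless HOST's pin matches.
Works like `open-network-stream' with :type tls.  On mismatch the
received certificate is printed to *Messages*, the connection is
deleted and a `user-error' is signalled instead of any interactive
query.  NSM (if enabled) still applies its own checks on top."
  (let* ((proc (open-network-stream name buffer host service :type 'tls))
         (status (gnutls-peer-status proc)))
    (unless (my-pin-verified-p host status)
      (message "Pin mismatch for %s; received certificate:\n%S"
               host (plist-get status :certificate))
      (delete-process proc)
      (user-error "Certificate pin verification failed for %s" host))
    proc))
```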