Re: [Bug-wget] Wget and Perfect Forward Secrecy

From: Daniel Kahn Gillmor
Subject: Re: [Bug-wget] Wget and Perfect Forward Secrecy
Date: Tue, 20 Aug 2013 18:05:45 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130630 Icedove/17.0.7

On 08/15/2013 04:36 AM, Tim Ruehsen wrote:
> Maybe a new option like --secure-options=... for expert users would be better
> than recycling --secure-protocol.
> wgetrc should have two settings like secureoptionsgnutls and
> secureoptionsopenssl. For when a user changes these settings and then
> switches between wget-gnutls and wget-openssl.

I like this idea.  On the GnuTLS mailing list, it is often encouraged
for applications which use the library to expose the priority string to
their users as a setting.

> Besides this 'expert' option, there should be an 'everyones' option to
> force/enable PFS, using --secure-protocol as I already suggested.

My only concern about this is what a mirroring/recursive wget would do
if it encountered an http:// or ftp:// link within its initial https://
fetch.  Would wget --secure-protocol refuse to fetch the cleartext link
(thereby failing to fully mirror), or would it go ahead and fetch it
(thereby failing to require a secure protocol)?


Attachment: signature.asc
Description: OpenPGP digital signature
