[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Wget and Perfect Forward Secrecy
From: |
Daniel Kahn Gillmor |
Subject: |
Re: [Bug-wget] Wget and Perfect Forward Secrecy |
Date: |
Wed, 21 Aug 2013 11:40:09 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130630 Icedove/17.0.7 |
On 08/21/2013 10:45 AM, Tim Ruehsen wrote:
> 1. --secure-protocol=PFS (or whatever we agree on) for "everyone" (users that
> have no or not enough knowledge about GnuTLS/OpenSSL option strings).
> As the other --secure-protocol types (like e.g. 'auto'), this would map to a
> fixed option string.
if what if a user wanted to both (a) negotiate PFS and (b) exclude SSLv2
and SSLv3 ? Could they do that using --secure-protocol or would they
need to graduate to fancier configurations?
> 2. (to be discussed) --gnutls-options=<GnuTLS option string> and/or --openssl-
> options=<OpenSSL option string> for "experts". Here you can give your own
> idea
> of an option string. You can put these into /etc/wgetrc or ~/.wgetrc as
> default and override them via command line whenever the need arises.
If wget offers both 1 and 2, how would the two options interact if used
together?
I'm asking these questions to try to illuminate what i think are the
corner cases of the ideas, not because i think the ideas are bad ideas.
i like them both, and want to see them work sensibly :)
> I guess your suggestion of an --https-only mode fits into the current
> security
> discussion and I like it. I am pretty sure, people will use it.
>
> I would like to wait another week or so for feedback before I start creating
> a
> patch (for my two points above). Are you going to implement --https-only ?
i'm afraid i don't have time to implement --https-only in the forseeable
future, sorry :(
--dkg
signature.asc
Description: OpenPGP digital signature
- [Bug-wget] Wget and Perfect Forward Secrecy, Tim Ruehsen, 2013/08/15
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Tim Ruehsen, 2013/08/15
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Ángel González, 2013/08/15
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Daniel Kahn Gillmor, 2013/08/20
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Tim Ruehsen, 2013/08/21
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Daniel Kahn Gillmor, 2013/08/21
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Tim Ruehsen, 2013/08/21
- Re: [Bug-wget] Wget and Perfect Forward Secrecy,
Daniel Kahn Gillmor <=
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Tim Rühsen, 2013/08/21
- Re: [Bug-wget] Wget and Perfect Forward Secrecy, Tim Ruehsen, 2013/08/22