Re: Default value of tls-checktrust should be 'ask

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Default value of tls-checktrust should be 'ask

From:	Jason Rumney
Subject:	Re: Default value of tls-checktrust should be 'ask
Date:	Tue, 08 Apr 2008 10:19:51 +0100
User-agent:	Thunderbird 2.0.0.12 (Windows/20080213)

Sascha Wilde wrote:

the subject says it all.  ;-)

The current default is nil, which means that server certificates are not
checked which is a bad thing.  Not checking the certificate means, that
SSL/TLS connections, which are supposed to be "save" (and most users
will believe they are) are really not trustworthy.

We should also provide an easy way to insert the certificate into alocal trust store (ie 'ask will allow "always" and "never" as well as"yes" and "no" answers) , to give the power over who to trust back tothe users, rather than allowing companies like Verisign to monopoliseit. Does gnutls have a local per user store we can use for this?

[Prev in Thread]

Current Thread

[Next in Thread]

Default value of tls-checktrust should be 'ask, Sascha Wilde, 2008/04/08
- Re: Default value of tls-checktrust should be 'ask, Jason Rumney <=
  - Re: Default value of tls-checktrust should be 'ask, Sascha Wilde, 2008/04/08
    - Re: Default value of tls-checktrust should be 'ask, Jason Rumney, 2008/04/08
    - Re: Default value of tls-checktrust should be 'ask, Sascha Wilde, 2008/04/08

Prev by Date: Re: hunspell support
Next by Date: Re: font-lock-extend-region-multiline: Args out of range: 0, 0
Previous by thread: Default value of tls-checktrust should be 'ask
Next by thread: Re: Default value of tls-checktrust should be 'ask
Index(es):
- Date
- Thread