Re: Network security manager
From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 09:46:12 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:
> What do you think about the verification and TOFU implementation in
> gnutls-cli? Please see
> https://gitorious.org/gnutls/gnutls/raw/master:src/cli.c inside
> cert_verify_callback() for the details.
>
> * uses SSH-style gnutls_store_pubkey() and gnutls_verify_stored_pubkey()
> to DTRT and pins the public key rather than the certificate
> fingerprint. The pub keys are stored by default in a way that lets the
> user look them up by hostname, but we can customize that. And it's
> mostly handled by GnuTLS internals as far as pubkey extraction and
> verification.
>
> * does DANE auth (although I don't know the details on DANE, the
> client implementation looks reasonable and Toke suggested it)
>
> * checks OCSP for revocations using cert_verify_ocsp() in the same cli.c

So gnutls proper doesn't do this? We'd have to implement it ourselves
if we want it... (I mean, copy chunks of their code. >"?)

Can we do DANE and OCSP from Emacs Lisp?

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
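
The SSH-style check described in the quoted text above, as an added sketch that is not part of the original message and is not GnuTLS or Emacs code: a trust-on-first-use store keyed by host and service that pins the SubjectPublicKeyInfo rather than the whole certificate, so a renewed certificate carrying the same key still verifies. The names `PinStore`, `spki_pin`, `fake_cert`, the three result strings and the sample data are assumptions made for illustration.

```python
import hashlib

def tlv(tag, body):
    """Encode one DER element (definite length, short or long form)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def elements(content):
    """Split DER content bytes into a list of (tag, body, whole_element)."""
    out, i = [], 0
    while i < len(content):
        start, tag, n = i, content[i], content[i + 1]
        i += 2
        if n & 0x80:                       # long form: next k bytes hold the length
            k = n & 0x7F
            n, i = int.from_bytes(content[i:i + k], "big"), i + k
        if i + n > len(content):
            raise ValueError("truncated DER element")
        out.append((tag, content[i:i + n], content[start:i + n]))
        i += n
    return out

def spki_pin(cert_der):
    """SHA-256 over the certificate's SubjectPublicKeyInfo element."""
    tbs = elements(elements(cert_der)[0][1])[0][1]   # Certificate -> TBSCertificate
    fields = elements(tbs)
    idx = 6 if fields[0][0] == 0xA0 else 5           # optional [0] version shifts the index
    return hashlib.sha256(fields[idx][2]).digest()

class PinStore:
    """In-memory TOFU database keyed by (host, service); layout is this sketch's own."""
    def __init__(self):
        self.pins = {}
    def verify(self, host, service, cert_der):
        pin = self.pins.get((host, service))
        if pin is None:
            return "unknown"                         # first contact: caller decides whether to store
        return "match" if pin == spki_pin(cert_der) else "mismatch"
    def store(self, host, service, cert_der):
        self.pins[(host, service)] = spki_pin(cert_der)

def fake_cert(serial, key):
    """Constructed stand-in with X.509 field order only; not a valid certificate."""
    empty = tlv(0x30, b"")
    spki = tlv(0x30, empty + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + empty * 4 + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))
```

A pin on the certificate fingerprint would report a mismatch at every renewal, which is the case the public-key pin avoids.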