Re: NSM certificate prompt

[Ted Zlatanov]

On Sat, 13 Dec 2014 22:06:55 +0200 Eli Zaretskii <address@hidden> wrote: 

>> From: Ted Zlatanov <address@hidden>
>> Date: Sat, 13 Dec 2014 14:47:32 -0500
>> 
>> I'd make it the default, but through the trustfiles list: if the symbol
>> 'system is found in the list, we load the system trust. And that's the
>> default.  But the user can add their own trustfiles, as they do now.

EZ> What would be the reason for the user to remove 'system from the list?
EZ> If a user is somehow not happy about system trust data, she should
EZ> customize her system (if she is authorized), not Emacs.  E.g., add a
EZ> list of blacklisted certificates, remove certificates from the bundle,
EZ> etc.

I don't see how it's OK to exclude users who are not authorized to
customize their systems.  This is a common case.

Another case is where the system is out of date and you don't have the
option of updating it, because it's too old or the update server is
down.

There's also the case that you may not want to use the host OS's trust
store for your own reasons.  That should not be a struggle.  Emacs is
not a all-in-one web browser, it's a platform.  Don't take away the
users' choice of who they trust.

Furthermore, GnuTLS until recently didn't have this functionality and
somehow we survived. So it's not essential.

But even if we decide to make 'system the only option, we'd have "if
you're running GnuTLS 3.x or older, you'll get this behavior, but with
3.y or newer, another behavior." I think it's pretty unpleasant behavior
to dynamically toggle who you trust based on system library versions. So
unless we *only* support GnuTLS versions that have this functionality,
I'm strongly against making it the only option when it's available.

Finally, we have to consider backward compatibility.  Users who have
customized their trustfiles should not be surprised.  We can put
warnings in NEWS and blame the users when they don't read them, but I
think it's much nicer to preserve the users' customizations.

Ted