[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Lars Ingebrigtsen
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 24 Jun 2018 19:39:20 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Jimmy Yuen Ho Wong <address@hidden> writes:

> I have just been looking at how to add OCSP as well, I noticed
> `gnutls-boot` already accepts `:crlfiles`, I have a `gnutls.el` patch
> that'll supply it to `gnutls-boot-parameters`.

I'm not quite sure I follow you here.  OCSP is the online query stuff,
and is something that gnutls doesn't do, I think, and which is probably
not something we want to do either.  (Chrome doesn't, for instance.)

But a certificate revocation list is something we could consider
distributing via ELPA, but that's a bigger project...

Or do you mean OCSP stapling?  There's so much going on in this area
(because it's a clusterfuck to begin with) that it can be challenging
keeping track.  :-)

> I'm testing it now, but I'm haven't a bit of trouble generating a CRL
> in PEM. Anyway, do you think it's worth it as a quick win to include
> in either master to 26.2 if it works?

If you're talking about distributing a certificate revocation list with
Emacs, I don't think that would be all that useful.

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]