[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NSM certificate prompt
|
From: |
Michael Albinus |
|
Subject: |
Re: NSM certificate prompt |
|
Date: |
Sun, 14 Dec 2014 13:52:10 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
Ted Zlatanov <address@hidden> writes:
> While CRL support is a good way to deal with this in general, I still
> think giving the user the option to manage their trustfiles is valuable.
> But we should definitely try to support CRLs or DANE more urgently,
> rather than expecting the user to manage trustfiles and certificate
> revocations.
CRLs are a good thing, in theory. But they work only when you are
online, and when you are able to retrieve a proper CRL from the CA. If
the CA is blocked by whatever means, CRLs don't work.
DANE uses an indepedent way in order to give you trust into a given
certificate (via DNSSec). However, I don't know how much it is supported
already, by both the servers and by gnutls as client.
I do not object to support CRLs and DANE, but we shouldn't expect
perfect trust then.
> Ted
Best regards, Michael.
- Re: NSM certificate prompt, (continued)
- Re: NSM certificate prompt, Michael Albinus, 2014/12/13
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13
- Re: NSM certificate prompt, Ted Zlatanov, 2014/12/13
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13
- Re: NSM certificate prompt, Lars Magne Ingebrigtsen, 2014/12/13
- Re: NSM certificate prompt, Ted Zlatanov, 2014/12/13
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/13
- Re: NSM certificate prompt, Lars Magne Ingebrigtsen, 2014/12/14
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/14
- Re: NSM certificate prompt, Ted Zlatanov, 2014/12/14
- Re: NSM certificate prompt,
Michael Albinus <=
- Re: NSM certificate prompt, Eli Zaretskii, 2014/12/14