[Bug-wget] wget/gnutls TOFU certificate authentication?

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] wget/gnutls TOFU certificate authentication?

From:	Daniel Kahn Gillmor
Subject:	[Bug-wget] wget/gnutls TOFU certificate authentication?
Date:	Tue, 30 Sep 2014 09:36:51 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Icedove/32.0

when wget is built with gnutls, it has the opportunity to use gnutls'
TOFU (trust on first use) style of certificate verification [0].  This
has the potential to make wget behave similarly to ssh.

Is there any interest in exposing this feature to users of wget (only
when built with gnutls, and when requested by the user, of course).

It's better than --no-check-certificates for dealing with self-signed
certs that the user visits more than once.

What do wget folks think of this possible feature?

        --dkg

[0]
http://gnutls.org/manual/gnutls.html#Simple-client-example-with-SSH_002dstyle-certificate-verification

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] wget/gnutls TOFU certificate authentication?, Daniel Kahn Gillmor <=
- Re: [Bug-wget] wget/gnutls TOFU certificate authentication?, Giuseppe Scrivano, 2014/09/30
  - Re: [Bug-wget] wget/gnutls TOFU certificate authentication?, Tim Ruehsen, 2014/09/30
    - Re: [Bug-wget] wget/gnutls TOFU certificate authentication?, Daniel Kahn Gillmor, 2014/09/30
    - Re: [Bug-wget] wget/gnutls TOFU certificate authentication?, Giuseppe Scrivano, 2014/09/30

Prev by Date: Re: [Bug-wget] [PATCH] Using parallel test harness
Next by Date: Re: [Bug-wget] wget/gnutls TOFU certificate authentication?
Previous by thread: [Bug-wget] [Bug-Wget] Issues with Perl-based test suite
Next by thread: Re: [Bug-wget] wget/gnutls TOFU certificate authentication?
Index(es):
- Date
- Thread