bug-wget

Re: [Bug-wget] wget/gnutls TOFU certificate authentication?


From: Giuseppe Scrivano
Subject: Re: [Bug-wget] wget/gnutls TOFU certificate authentication?
Date: Tue, 30 Sep 2014 16:10:18 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Daniel Kahn Gillmor <address@hidden> writes:

> when wget is built with gnutls, it has the opportunity to use gnutls'
> TOFU (trust on first use) style of certificate verification [0].  This
> has the potential to make wget behave similarly to ssh.
>
> Is there any interest in exposing this feature to users of wget (only
> when built with gnutls, and when requested by the user, of course).
>
> It's better than --no-check-certificates for dealing with self-signed
> certs that the user visits more than once.
>
> What do wget folks think of this possible feature?

I think that it can be a nice addition since, as you said, people end up
using --no-check-certificates with self-signed certificates and TOFU
can add security in this case.

Regards,
Giuseppe
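
The ssh-like behaviour discussed in this thread, as an added example that is not part of the original messages and is not wget or GnuTLS code: a minimal trust-on-first-use pin store that accepts a certificate the first time a host is seen and rejects a different one later, which is the protection that disabling certificate checks does not give. The `TofuStore` class, the JSON store format, the host name and the byte strings standing in for DER certificates are assumptions made for illustration; this sketch pins a hash of the whole certificate.

```python
import hashlib
import hmac
import json
import os
import tempfile
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first-use"  # nothing stored for this host: pin recorded
    MATCH = "match"          # presented certificate equals the stored pin
    MISMATCH = "mismatch"    # certificate changed: caller must abort


class TofuStore:
    """Hypothetical known_hosts-style store mapping host:port to a SHA-256 pin."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host, port, cert_der):
        key = f"{host}:{port}"
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        known = self.pins.get(key)
        if known is None:
            self.pins[key] = fingerprint
            self._save()
            return Verdict.FIRST_USE
        if hmac.compare_digest(known, fingerprint):
            return Verdict.MATCH
        # Never overwrite silently; replacing a pin is an explicit user action.
        return Verdict.MISMATCH

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic swap, so a crash cannot truncate the store


def demo():
    """Four connections to one host; the certificate bytes are constructed samples."""
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "known_certs.json")
        # A fresh TofuStore per call shows that the pin persists on disk.
        return [TofuStore(path).check("self-signed.example", 443, c)
                for c in (cert_a, cert_a, cert_b, cert_a)]
```

The fourth connection still matches because the mismatching certificate was never written to the store.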


