[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget/gnutls TOFU certificate authentication?
From: |
Giuseppe Scrivano |
Subject: |
Re: [Bug-wget] wget/gnutls TOFU certificate authentication? |
Date: |
Tue, 30 Sep 2014 16:10:18 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) |
Daniel Kahn Gillmor <address@hidden> writes:
> when wget is built with gnutls, it has the opportunity to use gnutls'
> TOFU (trust on first use) style of certificate verification [0]. This
> has the potential to make wget behave similarly to ssh.
>
> Is there any interest in exposing this feature to users of wget (only
> when built with gnutls, and when requested by the user, of course).
>
> It's better than --no-check-certificates for dealing with self-signed
> certs that the user visits more than once.
>
> What do wget folks think of this possible feature?
I think that it can be a nice addition since as you said people end up
to use --no-check-certificates with self signed certificates and TOFU
can add security in this case.
Regards,
Giuseppe