Gnus development mailing list
From: Simon Josefsson <jas@extundo.com>
Cc: emacs-devel@gnu.org, Daiki Ueno <ueno@unixuser.org>
Subject: Replace starttls.el with GNUTLS based version?
Date: Mon, 01 Dec 2003 03:31:49 +0100
Message-ID: <ilun0adjmju.fsf@latte.josefsson.org>

How many use STARTTLS?  For SMTP or IMAP?  The external program
'starttls' isn't widely available (e.g., not packaged by Debian) and
it uses OpenSSL, so I would like to replace the current starttls.el
with a (partially) backwards compatible version that uses GNUTLS.  It
is currently installed in Gnus CVS contrib/starttls.el, and I have
been using it for a while.

The only problem I perceive is that if anyone is using client X.509
certificates, they will have to move from `starttls-extra-args' to
`starttls-extra-argument'.  (That is the backwards incompatible part.)
Because there appears to be a bug in the "starttls" application that
makes client authentication useless because the verification result is
ignored, I suspect not many use X.509 client certificates with
STARTTLS, or at least not anyone who cares enough about security to
audit the tools they use.  So nobody, even users that have configured
client certificates, would lose security by changing to anonymous TLS
with gnutls-cli.  However, they can increase security by setting the
new s-e-a variable.

So, does anyone have an opinion for or against moving
gnus/contrib/starttls.el into gnus/lisp/starttls.el and
emacs/lisp/gnus/starttls.el?  In Emacs, lisp/gnus/imap.el has to be
modified as well (it currently uses hard-coded filenames, and assumes
things about how the old starttls.el was implemented), but
lisp/mail/smtpmail.el works with STARTTLS unmodified.

To test this in Gnus, simply copy contrib/starttls.el over
lisp/starttls.el and rebuild.
