Re: gnutls status

[Lars Magne Ingebrigtsen <larsi@gnus.org>]

Ted Zlatanov <tzz@lifelogs.com> writes:

> So we'd need to either 1) require 2.10.x, or 2) complicate the C code
> and API using just 2.8.x features and maybe figure out how to set up our
> own callback mechanism, or 3) use the 2.10.x features only when it's
> available, using autoconf detection, which is twice as complicated as
> (2).

Is 2.10.x at least backwards-compatible, so that if we do implement the
complicated 2.8.x features, it'll continue to work in the future, too?

> I think every package should explicitly choose to support gnutls.el, it
> shouldn't be an Emacs-wide choice.  There's too many configuration
> options that depend on the purpose.  For instance IMAP and HTTPS have
> really different security needs.

True.  On the other hand, look at `nnimap-open-connection' and weep.  It
started off as a simple function and grew into a monster.  That's why I
haven't adapted nntp/pop3/etc to use gnutls yet -- I don't want to have
to repeat the same code all over the place.

And the STARTTLS situation, in particular, is a nightmare, since the
sane gnutls way of doing it and the really awkward starttls.el way of
doing it require different code paths.

And we're going to have to support gnutls/tls.el/starttls.el in all the
connections for the unforeseeable future.  I kinda want to write a new
connection framework that'll just separate out all this cruft into a
separate package, but I can't really see a sensible unified interface.
Especially with the STARTTLS stuff.

I mean, ideally, in the future whenever you do a
pop3/imap/nntp/smtp/etc connection, Emacs should opportunistically
switch on STARTTLS if the server supports it.  Encryption is good.
Switching on STARTTLS is virtually free if you have gnutls.  It's really
expensive if you don't.  I mean, time-wise for the user.

But I don't really see an easy way to do that.  You'd need
protocol-specific callbacks and stuff.  And I hate frameworks.  And
it'll be brittle, anyway, since starttls.el is kinda brittle.

But I do think we need some kinda of compat library to avoid going
totally insane.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen