Re: [Lynx-dev] SSL known_certs?


From: Thorsten Glaser
Date: Tue, 23 Sep 2008 14:31:03 +0000 (UTC)

Stefan Caunter dixit:

>site name or IP is the same, cert is different so warn

Yes.

>like openssl

No. OpenSSL only errors out if the certificate is not valid. What
I want to do is an OpenSSH-like caching of the verified certs,
sort of like “we trusted it once, so we can ‘trust’ it later if
it stays the same” (or at least: the degree of trust does not
decrease if the certificate stays the same).

>you could "remind" that this site still has cert issues, specifying
>cert mismatch, name mismatch

Yes, but without having the user press a key to continue. Some sites
have self-signed certificates, which just sucks, but you’re forced,
e.g. by the employer, to use them, and I do *not* want to disable my
lynx certificate validation.

Plus, I’d like to know when the online banking service changes its
certificate, even if the new one is perfectly valid.

Maybe an option…

>just thinking out loud but is a timestamp useful to analyze change behaviour?

Nope, this could be abused to track browsing behaviour.

>does the root trust match with DNS, so are we tying into SSL_CERT_DIR
>for checking and do we go with that as ultimate authority or negotiate
>between this .etc/known_certs and the system cert dir, like /etc/hosts
>and DNS works, and does there need to be awareness of this.

Then I’d probably just store the DNS information we already have anyway
since we connect to the site, and compare with what we have anyway when
we connect to it the second time. Then, trusting DNS is not an issue,
because we are only using information we require to connect to the site
in question anyway.

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax
highlighting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.   -- Rob Pike in "Notes on Programming in C"