Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
From: Stephen J. Turnbull
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Thu, 09 Oct 2014 11:43:49 +0900

Ted Zlatanov writes:

> On Wed, 08 Oct 2014 17:31:33 +0200 Lars Magne Ingebrigtsen <address@hidden>
> wrote:
> LMI> If the user can't answer questions, the default would be to reject
> LMI> invalid certificates.
>
> They are not necessarily invalid.

Youngsters these days have trouble with precise use of English, and
the usage "invalid" for "unable to establish a chain of trust to a
trusted root" is common. Get used to it, old man. :-)

FWIW, I think I'm one of the more paranoid folks around Emacs
development, and I don't see a problem with completing whatever
operations are necessary to get safely back to Lisp to query the user,
as long as

(1) No data is transmitted from Emacs to the remote, except that
    needed by the protocol to establish the connection (transmitting
    credentials should be avoided if possible, but that may not be
    possible in some protocols).

(2) All data received is squirreled away in a buffer inaccessible to
    Emacs (except for the code that will eventually move it to Lisp,
    of course), and this buffer is "read-locked" until permission is
    received from the user.

(3) The amount of data accepted is effectively limited (to avoid DoS
    attacks -- this is probably gilding a lily, but I am paranoid).

Regards,
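
The three conditions listed in the message above, sketched as a small quarantine buffer. This is an added example, not part of the original message and not Emacs or GnuTLS code; every name in it (`struct quarantine`, `q_store`, `q_decide`, `q_read`, `q_may_send`, `Q_CAP`) and the 4096-byte cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical names; not Emacs or GnuTLS code. */
#define Q_CAP 4096  /* condition (3): hard cap on held bytes */
enum q_state { Q_PENDING, Q_APPROVED, Q_REJECTED };
struct quarantine { enum q_state state; size_t len; unsigned char data[Q_CAP]; };

void q_init(struct quarantine *q) { q->state = Q_PENDING; q->len = 0; }

/* Condition (1): application data may go out only after approval. */
int q_may_send(const struct quarantine *q) { return q->state == Q_APPROVED; }

/* Condition (3): hold received bytes; -1 once the cap would be exceeded. */
int q_store(struct quarantine *q, const void *buf, size_t n)
{
    if (q->state == Q_REJECTED || n > Q_CAP - q->len)
        return -1;
    memcpy(q->data + q->len, buf, n);
    q->len += n;
    return 0;
}

/* Record the user's answer; on rejection discard whatever was held. */
void q_decide(struct quarantine *q, int accept)
{
    if (q->state != Q_PENDING) return;
    if (!accept) {
        memset(q->data, 0, sizeof q->data);
        q->len = 0;
    }
    q->state = accept ? Q_APPROVED : Q_REJECTED;
}

/* Condition (2): read-locked until approved; returns bytes copied or -1. */
long q_read(const struct quarantine *q, void *out, size_t outsz)
{
    if (q->state != Q_APPROVED)
        return -1;
    size_t n = q->len < outsz ? q->len : outsz;
    memcpy(out, q->data, n);
    return (long)n;
}

int main(void)
{
    struct quarantine q; unsigned char out[8];
    q_init(&q); q_store(&q, "hello", 5);   /* constructed sample input */
    return q_read(&q, out, sizeof out) == -1 ? 0 : 1;  /* still locked */
}
```

The decision is one-way: once `q_decide` has recorded an answer, later calls are ignored, so a rejected connection cannot be flipped to approved.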