<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div>
<blockquote dir="auto">
<p>I personally <em>think</em> gnutls-cli dane support is not very useful as it is, i.e. this is not a documentation issue but an incomplete feature.</p>
</blockquote>
<p dir="auto">I agree, but this was an intentional design decision. DANE was implemented as an additional certificate validation mechanism, rather than as the primary validation mechanism which will trigger PKIX validation if it says so.</p>
<blockquote dir="auto">
<p>Let's assume I want to use gnutls-cli to check whether I have set up DANE correctly.
...
However I think we agree that it does not make sense to implement these arcane (possibly changing) policies in gnutls-cli.</p>
</blockquote>
<blockquote dir="auto">
<p>I do think though that the above 1/2abc should not be necessary, assuming the TLS-A choice is correct gnutls-cli should be able to verify trust , taking DANE correctly into account.</p>
</blockquote>
<p dir="auto">I would not be against such an improvement.</p>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/557#note_107010123">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/4cd7f2d86a43d7223ff6b7cf3b946fd6/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/557#note_107010123"}}</script>
</p>
</div>
</body>
</html>