<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #777777;">

<a href="https://gitlab.com/nmav">Nikos Mavrogiannopoulos</a>

commented on a discussion

on <a href="https://gitlab.com/gnutls/gnutls/merge_requests/650#note_110394865">doc/cha-gtls-app.texi</a>:

</p>

<table>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="1300" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1300

</td>

<td class="diff-line-num new_line" data-linenumber="1322" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1322

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC1322" class="line" lang="plaintext">(i.e. different for the client than for the server).</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="1301" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1301

</td>

<td class="diff-line-num new_line" data-linenumber="1323" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1323

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC1323" class="line" lang="plaintext"></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="1302" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1302

</td>

<td class="diff-line-num new_line" data-linenumber="1324" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1324

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC1324" class="line" lang="plaintext">Currently supported types are:</span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="1303" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

1303

</td>

<td class="diff-line-num new_line old" data-linenumber="1325" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC1303" class="line" lang="plaintext">CTYPE-X509 or CTYPE-X.509. Catch all is CTYPE-ALL.</span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="1304" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="1325" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

1325

</td>

<td class="line_content new noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC1325" class="line" lang="plaintext">CTYPE-X509 or CTYPE-X.509<span class="idiff left right">, CTYPE-RAWPK or CTYPE-RAWPUBKEY</span>. Catch all is CTYPE-ALL.</span>

</pre>

</td>

</tr>

</table>

<div>

<blockquote dir="auto" style="color: #7f8fa4; border-left-width: 3px; border-left-color: #eaeaea; border-left-style: solid; margin: 0; padding: 0 0 0 15px;">

<p>Yes you can. We do it in our TLS Pool project (<a href="https://github.com/arpa2/tlspool" rel="nofollow noreferrer noopener" target="_blank">https://github.com/arpa2/tlspool</a>).</p>

</blockquote>

<p dir="auto">I understand that some apps can do it.</p>

<blockquote dir="auto" style="color: #7f8fa4; border-left-width: 3px; border-left-color: #eaeaea; border-left-style: solid; margin: 0; padding: 0 0 0 15px;">

<p>Secondly, I understand your concern about giving users the power to enable features that the application was not developed for. With that in mind we can introduce a flag to be able to enable/disable rawpk functionality via an init flag. On the other hand, I don't see how a user can mess things up by setting certificate priorities? The system will only use credential types that are actually available and an application developer should check what type it receives and act accordingly. Do you have a specific scenario in mind which will break?</p>

</blockquote>

<p dir="auto">As long as this is a no-op unless one enables raw public keys in the application explicitly, it could work.</p>

<blockquote dir="auto" style="color: #7f8fa4; border-left-width: 3px; border-left-color: #eaeaea; border-left-style: solid; margin: 0; padding: 0 0 0 15px;">

<p>In the end I think we should make a decision about whether or not to use an extra init flag. If we do, I need to figure out how to incorporate it into the code.</p>

</blockquote>

<p dir="auto">I think we should to protect apps which may not be ready for it.</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/merge_requests/650#note_110394865">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/9c8b61d2e48cc6e51621339535ae25ea/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/merge_requests/650#note_110394865"}}</script>

</p>

</div>

</body>

</html>