[gnutls-help] gnutls_dh_set_prime_bits question

Ted Zlatanov tzz at lifelogs.com
Thu Feb 13 15:02:25 CET 2014


On Wed, 12 Feb 2014 19:57:43 +0100 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: 

NM> On 02/11/2014 03:33 PM, Ted Zlatanov wrote:
NM> On Mon, Feb 10, 2014 at 5:51 PM, Ted Zlatanov <tzz at lifelogs.com> wrote:
>>>> I didn't see that somehow build-aux/config.rpath got included in the
>>>> patch, which was already pretty long.  Sorry about that.
>> 
NM> There seems to be something wrong with the patch for documentation.
NM> There are duplicate sections (e.g. "Introduction to the library"), and
NM> it seems like it duplicates existing documentation. Is that intentional?
>> 
>> Ugh.  I was editing the document and everything looked OK with `git
>> diff' but when I redirected it I caught some garbage in the patch.  I'm
>> sorry about that, no idea what happened[1].  See attached.

NM> Thanks. I've committed only part of it. I think mentioning the detailed
NM> mappings to ciphersuites or algorithms should be done in an appendix (or
NM> one can obtain the list in real-time by using gnutls-cli -l --priority
NM> NORMAL).

Maybe we should mention that method at the beginning of the list of
priority strings?

I think an auto-generated appendix would be terrific as a reference, so
you don't have to run gnutls-cli to find out what "NORMAL" means.  For
instance, if you're setting up priority strings in Emacs, it would be
really nice :)  It sounds reasonably easy with some scripting.  As text
it would be very convenient for grepping and diffing.

The meaning of e.g. "NORMAL" for a particular release is particularly
important, both to look for behavior changes as a diff and for users
stuck on that release.

NM> I'd prefer not to have such mappings in the main documentation so that
NM> there is freedom to rearrange algorithms and orders, as new attacks are
NM> being found without being bound to strict documented behavior.

Understood, it's a hassle certainly.

>> Should I mention for each priority string (I only did for "NORMAL") if
>> it enables or disables DHE?

What do you think about this?

Thanks
Ted
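
An added example, not part of the original thread or of GnuTLS: one way to turn the `gnutls-cli -l --priority NORMAL` listing mentioned above into text that can be grepped and diffed between releases, with a check for whether DHE suites are enabled. The function names are hypothetical and the sample listing is constructed in the layout the tool prints, not captured from a real release.

```shell
#!/bin/sh
# Summarise `gnutls-cli -l --priority <STRING>` output as stable text.

# Constructed sample listing (assumed layout: suite name, id bytes, version).
sample_listing() {
cat <<'EOF'
Cipher suites for NORMAL
TLS_ECDHE_RSA_AES_128_GCM_SHA256    0xc0, 0x2f    TLS1.2
TLS_RSA_AES_128_CBC_SHA1            0x00, 0x2f    SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1        0x00, 0x33    SSL3.0

Certificate types: CTYPE-X.509
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0
EOF
}

# Read a listing on stdin; print only the suite names, sorted bytewise so
# that two releases diff cleanly even if the preference order changed.
suite_names() {
    awk '/^TLS_/ { print $1 }' | LC_ALL=C sort
}

# Read a listing on stdin; print "enabled" if any finite-field DHE suite is
# present, "disabled" otherwise. ECDHE suites (TLS_ECDHE_*) do not count.
dhe_status() {
    if suite_names | grep '^TLS_DHE_' >/dev/null; then
        echo enabled
    else
        echo disabled
    fi
}

# Write one reference file per priority string for the installed release.
# Usage: write_reference OUTDIR NORMAL [other priority strings...]
write_reference() {
    outdir=$1
    shift
    mkdir -p "$outdir"
    for prio in "$@"; do
        gnutls-cli -l --priority "$prio" | suite_names > "$outdir/$prio.txt"
    done
}

# Demonstration on the constructed sample (does not need gnutls-cli).
echo "DHE in sample listing: $(sample_listing | dhe_status)"
```

Running `write_reference` once per installed release into separate directories and comparing them with `diff -r` shows which suites a keyword gained or lost.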



