[gnutls-help] Improving X.509 certificate validation errors

Martin Ukrop mukrop at mail.muni.cz
Fri Mar 6 22:01:36 CET 2020


Hi Nikos,

OK, I'll move it there about tomorrow – I was not sure which place is ideal
(it's quite different in different libraries).

Thanks for the tip,
Martin.


On Fri, 6 Mar 2020 at 16:08, Nikos Mavrogiannopoulos <nmav at gnutls.org>
wrote:

> Hi Martin,
>  Would you like to move your questions to our gitlab.com site as an
> issue to initiate the discussion? I am not sure all in the development
> team follow this mailing list.
>
> regards,
> Nikos
>
> On Thu, Mar 5, 2020 at 4:48 PM Martin Ukrop <mukrop at mail.muni.cz> wrote:
> >
> > Hi,
> >
> > I’m the lead of a university project investigating (and improving) the
> > usability of certificate validation errors. Our goal is to simplify the
> > ecosystem by consolidating the errors and their documentation in one place,
> > providing replicable example certificates for all validation errors and by
> > explaining better what the individual errors mean. The project is live at
> > https://x509errors.org/
> >
> > Now we are reaching out to library developers and users (you) to ask for
> > feedback.
> >
> > Currently, we base the system on OpenSSL errors (as it’s the most
> > common). We have example certificates for 30+ OpenSSL errors and
> > in-progress mapping for corresponding errors for OpenSSL, GnuTLS,
> > Botan and MbedTLS.
> > In the future, we plan the possibility of web reorganization based on
> > the other libraries (currently, the web is organized by OpenSSL), adding
> > the error frequencies based on IP-wide scans and elaborating on the
> > consequences of individual errors.
> > Ultimately, we want to propose better (ideally user-tested) errors and
> > their documentation. (Just recently, we made a survey among 180 developers
> > regarding their error documentation preference with good reception).
> >
> > As developers/users of TLS libraries, what do you think of the idea?
> > * Which part(s) do you find the most/least useful?
> > * Is there anything you see missing?
> > * What are your thoughts on unifying the error taxonomy? (a very
> > long-term goal, if at all possible)
> >
> > During spring, we would like to start creating pull requests improving
> > the documentation and error messages in some of the libraries. Would you
> > welcome such contributions?
> >
> > For transparency: My PhD is done at Masaryk University (Czech Republic)
> > and I’m partially supported by Red Hat Czech.
> >
> > With regards,
> > Martin.