Daniel Kahn Gillmor <[email protected]> writes:

> when wget is built with gnutls, it has the opportunity to use gnutls'
> TOFU (trust on first use) style of certificate verification [0]. This
> has the potential to make wget behave similarly to ssh.
>
> Is there any interest in exposing this feature to users of wget (only
> when built with gnutls, and when requested by the user, of course).
>
> It's better than --no-check-certificates for dealing with self-signed
> certs that the user visits more than once.
>
> What do wget folks think of this possible feature?
I think that it can be a nice addition since, as you said, people end up using --no-check-certificates with self-signed certificates, and TOFU can add security in this case.

Regards,
Giuseppe
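
The ssh-like trust-on-first-use behaviour discussed in this thread, as an added example that is not part of the original messages and is not wget or GnuTLS code. The `TofuStore` class, the `PinMismatch` exception and the JSON pin-file format are assumptions made for illustration, and the sketch pins the SHA-256 of the whole certificate.

```python
import hashlib
import json
import os
import tempfile

class PinMismatch(Exception):
    """The certificate presented now differs from the one pinned earlier."""

class TofuStore:
    """Hypothetical known_hosts-style pin file: {"host:port": sha256 hex}."""
    def __init__(self, path):
        self.path = path

    def _load(self):
        if not os.path.exists(self.path):
            return {}
        with open(self.path, encoding="utf-8") as fh:
            return json.load(fh)

    def _save(self, pins):
        # Write a 0600 temp file, then rename, so a crash cannot truncate the store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(pins, fh, indent=1, sort_keys=True)
        os.replace(tmp, self.path)

    def verify(self, host, port, cert_der):
        """Return "first-use" or "match"; raise PinMismatch if the cert changed."""
        key = f"{host.lower()}:{port}"
        seen = hashlib.sha256(cert_der).hexdigest()
        pins = self._load()
        if key not in pins:
            pins[key] = seen  # first contact: trust it and remember it
            self._save(pins)
            return "first-use"
        if pins[key] == seen:
            return "match"
        # Never re-pin silently: the old entry stays until the user removes it.
        raise PinMismatch(f"{key}: pinned {pins[key][:16]}, got {seen[:16]}")

def demo():
    # Constructed byte strings stand in for DER-encoded server certificates.
    store = TofuStore(os.path.join(tempfile.mkdtemp(), "tofu_pins.json"))
    out = [store.verify("Example.test", 443, b"cert-A"),
           store.verify("example.test", 443, b"cert-A")]
    try:
        out.append(store.verify("example.test", 443, b"cert-B"))
    except PinMismatch:
        out.append("mismatch")
    return out
```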
