Control: forwarded -1 https://savannah.gnu.org/bugs/index.php?43501
On 2014-10-29 21:26:39 +0100, intrigeri wrote: > Then, keeping #745836 as a wishlist bug to track the missing feature, > and creating a clone about the more important (and more likely to be > fixed here) documentation bug. > > Regarding the missing feature, you might have better chances of seeing > this resolved by reporting it upstream :) (I've checked there [1] and > could not find it.) > > [1] https://savannah.gnu.org/bugs/?group=wget Done. > > This makes the user (who cares about certificate validity) assume that > > without the --no-check-certificate option, the site's authenticity is > > guaranteed, while this is currently absolutely wrong with the lack of > > revocation checking. > > There's no such thing as "guaranteed" wrt. IT security in general, and > even less so when one is relying on known-broken systems like the CA > cartel to authenticate remote parties. OK, but that's still much better than not checking at all. I often connect to public wifi hotspots, and I have no idea whether there are malicious people behind. If this is the case and they have the private key of a revoked certificate, the security is zero without checking revocation. -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
