emacs-devel

Re: Opportunistic STARTTLS in smtpmail.el


From: Ted Zlatanov
Subject: Re: Opportunistic STARTTLS in smtpmail.el
Date: Mon, 02 May 2011 14:21:32 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

On Mon, 02 May 2011 20:59:18 +0200 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> Ted Zlatanov <address@hidden> writes:
LMI> "--x509keyfile" "--x509certfile"
>> 
LMI> to gnutls-cli.  `open-network-stream' has no concept of these things,
LMI> and I'm not sure gnutls.c has, either.  Ted?
>> 
>> Yes, definitely, with the :keyfiles and :trustfiles parameters to
>> `gnutls-boot'.

LMI> Right.  Would "--x509keyfile" correspond to :keyfiles and
LMI> "--x509certfile" to :trustfiles?

Oh wait, I think I'm wrong.  The key+cert files (client-side SSL certs)
are not the same as the trust files (which verify the server's SSL
cert).  Let me take a look, this may require another parameter or I'm
missing something.

>> This is all nasty, nasty for the user.  The whole
>> `smtpmail-starttls-credentials' structure can be replaced with
>> `auth-source-search' calls for all possible use cases.  The user can
>> say, for instance:
>> 
>> machine mysmtpserver.com login tzz password mypassword keyfile "~/.keyfile"

LMI> Yes, that makes a whole lot more sense.  Hm...  but on what level would
LMI> this be checked?  `open-network-stream' could do that, but if the auth
LMI> file is a .gpg file, it'll have to ask for a password just to check
LMI> whether there is a keyfile, which, in 99.99% of the cases there won't
LMI> be.

There's no problem with specifying an unencrypted authinfo file for a
specific server+port+user (or any subset) combination, see
`auth-sources'.  So the authinfo line would look like this:

machine mysmtpserver.com login tzz password mypassword keyfile "~/.keyfile" certfile "~/.certfile"

LMI> Uhm.  How did that discussion about non-secret credentials go?  :-)

Look!  It's Elvis! (runs away)

Ted
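The per-server `auth-sources' split Ted describes above, written out as an added example (not code from this thread or from smtpmail.el): one unencrypted file serves only the SMTP host, the .gpg file keeps serving everything else, and a plain `auth-source-search' returns the keyfile/certfile tokens from the matching line. The file names, the `tzz' login and `my-smtp-tls-files' are assumed names for illustration.

```elisp
;; Added example, not from the thread.  Lookups for mysmtpserver.com are
;; answered by the plain file, so checking for a keyfile never triggers a
;; passphrase prompt; every other host still goes through the .gpg file.
;; auth-source does not merge entries across sources: the plain-file line
;; has to carry every token the SMTP code will ask for.
;; The :source/:host/:port plist form is the old-style auth-sources entry.
(setq auth-sources
      '((:source "~/.authinfo-smtp" :host "mysmtpserver.com" :port t)
        "~/.authinfo.gpg"))

;; Contents of ~/.authinfo-smtp (constructed, one line, as in the thread):
;; machine mysmtpserver.com login tzz password mypassword keyfile "~/.keyfile" certfile "~/.certfile"

(defun my-smtp-tls-files (host user)
  "Return (KEYFILE CERTFILE) for HOST/USER from the first auth-source match.
Tokens auth-source does not know, such as keyfile and certfile, come back
as plist keys, so no `smtpmail-starttls-credentials' table is needed.
The password is returned separately under :secret, wrapped in a function."
  (let ((entry (car (auth-source-search :host host :user user :max 1))))
    (when entry
      (let ((key  (plist-get entry :keyfile))
            (cert (plist-get entry :certfile)))
        (list (and key  (expand-file-name key))
              (and cert (expand-file-name cert)))))))

;; Usage: a nil in the result means that line had no such token.
(my-smtp-tls-files "mysmtpserver.com" "tzz")
```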
