Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: curl-users--insecure (Daniel Stenberg)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 25 Aug 2017 10:06:46 +0200 (CEST)

On Thu, 24 Aug 2017, Timothe Litt wrote:

> To eliminate (or drastically reduce) --insecure, curl needs to make adding
> and using trust painless - at most a one-time confirmation. This is why the
> SSH 'known_hosts' model is attractive.

I started to jot down the exact steps that would be needed in order to have
curl do a "trust on first use" approach properly.

Here's what I have so far:

   https://github.com/curl/curl/wiki/Trust-On-First-Use

Most of the building stones are already available. 

-- 
  / daniel.haxx.se
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2017-08-25