curl / Mailing Lists / curl-users / Single Mail


Re: curl-users--insecure (Daniel Stenberg)

From: Daniel Stenberg <>
Date: Fri, 25 Aug 2017 10:06:46 +0200 (CEST)

On Thu, 24 Aug 2017, Timothe Litt wrote:

> To eliminate (or drastically reduce) --insecure, curl needs to make adding
> and using trust painless - at most a one-time confirmation. This is why the
> SSH 'known_hosts' model is attractive.

I started to jot down the exact steps that would be needed in order to have
curl do a "trust on first use" approach properly.

Here's what I have so far:

Most of the building stones are already available.

Received on 2017-08-25