curl-users
Re: curl-users--insecure (Daniel Stenberg)
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 25 Aug 2017 10:06:46 +0200 (CEST)
Date: Fri, 25 Aug 2017 10:06:46 +0200 (CEST)
On Thu, 24 Aug 2017, Timothe Litt wrote:
> To eliminate (or drastically reduce) --insecure, curl needs to make adding
> and using trust painless - at most a one-time confirmation. This is why the
> SSH 'known_hosts' model is attractive.
I started to jot down the exact steps that would be needed in order to have
curl do a "trust on first use" approach properly.
Here's what I have so far:
https://github.com/curl/curl/wiki/Trust-On-First-Use
Most of the building stones are already available.
-- / daniel.haxx.se ----------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2017-08-25