gnutls policies build upon gnutls NORMAL and not NONE
Current gnutls policies start from gnutls'
NORMAL and selectively enable/disable things from there.
Updates in gnutls
NORMAL will thus silently change the end result behaviour
(see !62 (merged), !68 (merged) for examples of unwanted overprohibiting).
A more robust option would be to build up upon gnutls
NONE instead, e.g.,
Would be valuable to know why NONE wasn't used in the first place, was that somehow problematic with older gnutls?