From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: Network security manager Date: Tue, 18 Nov 2014 12:28:29 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <8761ech0zm.fsf@lifelogs.com> References: <85a93pj1n5.fsf@stephe-leake.org> <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk> <87a93oilxl.fsf@lifelogs.com> <87oas4h555.fsf@lifelogs.com> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1416331845 29606 80.91.229.3 (18 Nov 2014 17:30:45 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 18 Nov 2014 17:30:45 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 18:30:38 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xqmbs-0001z9-8R for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 18:30:36 +0100 Original-Received: from localhost ([::1]:54487 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqmbr-0008Dh-QI for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 12:30:35 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36216) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqmbZ-000841-Ef for emacs-devel@gnu.org; Tue, 18 Nov 2014 12:30:30 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XqmbM-0008Hf-Hd for emacs-devel@gnu.org; Tue, 18 Nov 2014 12:30:17 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:55205) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqmbM-0008EQ-9Y for emacs-devel@gnu.org; Tue, 18 Nov 2014 12:30:04 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1XqmbL-0001lB-G9 for emacs-devel@gnu.org; Tue, 18 Nov 2014 18:30:03 +0100 Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 18 Nov 2014 18:30:03 +0100 Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 18 Nov 2014 18:30:03 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 56 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) Cancel-Lock: sha1:Vy5otBYx4yHI2Swb6T/3mmC0s/I= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177600 Archived-At: On Tue, 18 Nov 2014 17:15:09 +0100 Lars Magne Ingebrigtsen wrote: LMI> Ted Zlatanov writes: LMI> Sure... but since there's almost nothing human-readable (or something a LMI> machine can transform into something human-readable), I'm not quite sure LMI> what it should display... >> >> The list of explicitly saved security exceptions. LMI> But they are per sha1, so it's not really feasible to do anything about LMI> it for a human. That's how you implemented it. It's not necessarily how it should be. >> True, but I really don't see the harm in saving those in cleartext. LMI> I don't like the information leakage. Then the NSM is really a blob storage manager. >> Like I said, I would use a .gpg file if I was worried about leaking >> that data. With the current approach I think you'll see two problems: LMI> GPG isn't feasible because nobody wants to type passwords. Whuhh? >> 1) cruft will accumulate, since you don't know what's what LMI> Does it matter? Yes! Regular reviews are essential to actually managing security exceptions. >> 2) when servers change names or ports, you don't know what to remove LMI> You don't have to remove anything. No manual administration should be LMI> necessary. Unless you want to revoke a security exception. And then LMI> you might as well just delete the entire file. It's not like it's a lot LMI> of bother hitting the `a' key a couple times the next time you start LMI> up... Yes, it's a bother. We're talking about potentially dozens or hundreds of exceptions in a large enterprise. But let's assume the `a' key is large and easy to hit. Scenario 1: you allow a compromised server accidentally. You now can't review the exception list to remove that compromise. Scenario 2: someone allows a compromised server on purpose in a few seconds. You have no idea it happened. I'm sure there are other scenarios, but please don't make this a write-only data store. Ted