From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Mon, 17 Nov 2014 11:04:22 -0500
Message-ID: <87bno5ke49.fsf@lifelogs.com>
References: <87wq6uj5gt.fsf@lifelogs.com> <87k32tkh1x.fsf@lifelogs.com>
To: emacs-devel@gnu.org

On Mon, 17 Nov 2014 16:22:57 +0100 Lars Magne Ingebrigtsen wrote:

LMI> Ted Zlatanov writes:
>> I don't know how complicated it will be internally, but I don't think it
>> will endanger any existing functionality (except TLS connections, of
>> course).

LMI> Let's say you fetch mail from pop3 from a server that has a self-signed
LMI> certificate as a batch job. The network security manager will say "The
LMI> server uses a self-signed certificate, so Emacs can't verify the
LMI> authenticity of the server. Connect anyway? (no, this session only,
LMI> always)" (or something like that).

How common is this scenario and how strongly do you feel we should
support it?

Generally we could distinguish between POP3 and SMTP and IMAP and such,
where self-signed certificates are common, and HTTP/S and generic
connections, where they aren't. Does that seem reasonable?

I would personally prefer forcing the user to run interactively at least
once and accept the certificate. Too much magic is sure to complicate
everyone's life.

LMI> But since it's a batch job, we can't ask the user, and the connection
LMI> will fail. (Unless we decide to have the batch default be the
LMI> opposite -- always answer "this session only".)

I'd add a CLI option --insecure/-k (same as curl) to override the
default, but no more than that, and without special --batch behavior.

LMI> So perhaps it's better for Emacs 25.1?

LMI> Especially if we can release 25.1 in a timely manner. >"?

I really would prefer that we treat this as a bug. It's unfortunate
that resolving it is complicated, but we've delayed the fix for a while.

Can you please work against emacs-24? It's easy enough to apply the
changes to master if that's the final decision and I don't think master
has anything you need. Except maybe the read-only text property thing
you added.

Ted
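
A sketch of the policy argued for in this message (accept a self-signed certificate once interactively, fail closed in batch, allow an explicit --insecure style override), added here as an illustration; it is not Emacs or network security manager code. `PinStore`, `check_self_signed` and the `ask` callback are hypothetical names, and the handling of a certificate that changed after being accepted goes beyond what the message discusses.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class PinStore:
    """Accepted certificate fingerprints, keyed by (host, port)."""
    always: dict = field(default_factory=dict)   # persisted "always" answers
    session: dict = field(default_factory=dict)  # "this session only" answers


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes; this is what gets pinned."""
    return hashlib.sha256(cert_der).hexdigest()


def check_self_signed(host, port, cert_der, store, *, interactive,
                      insecure=False, ask=None):
    """Decide whether to proceed when the peer certificate is self-signed.

    Returns (allowed, reason). `ask` is a hypothetical prompt callback that
    returns "no", "session" or "always".
    """
    key, fp = (host, port), fingerprint(cert_der)
    known = {store.always.get(key), store.session.get(key)} - {None}
    if fp in known:
        return True, "pinned"             # accepted in an earlier interactive run
    if insecure:
        return True, "insecure-override"  # explicit opt-out; nothing is saved
    changed = bool(known)                 # a different cert was pinned before
    if not interactive:
        # Batch: nobody to ask, so fail closed instead of auto-answering.
        return False, ("changed" if changed else "unknown")
    answer = ask(host, port, fp, changed=changed)
    if answer == "always":
        store.always[key] = fp
    elif answer == "session":
        store.session[key] = fp
    else:
        return False, "rejected"
    return True, answer
```
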