From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: Network Security Manager merge time? Date: Wed, 19 Nov 2014 12:30:25 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87egszcd3i.fsf@lifelogs.com> References: <87lhn7cfe0.fsf@lifelogs.com> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1416419137 20931 80.91.229.3 (19 Nov 2014 17:45:37 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 19 Nov 2014 17:45:37 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Nov 19 18:45:30 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xr9Jq-0007yp-4h for ged-emacs-devel@m.gmane.org; Wed, 19 Nov 2014 18:45:30 +0100 Original-Received: from localhost ([::1]:59964 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xr9Jp-0006TD-Q6 for ged-emacs-devel@m.gmane.org; Wed, 19 Nov 2014 12:45:29 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33185) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xr9Jh-0006KU-Cq for emacs-devel@gnu.org; Wed, 19 Nov 2014 12:45:27 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xr9JV-0003sr-GK for emacs-devel@gnu.org; Wed, 19 Nov 2014 12:45:21 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:33208) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xr9JV-0003sX-AG for emacs-devel@gnu.org; Wed, 19 Nov 2014 12:45:09 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1Xr94x-0007eD-BX for emacs-devel@gnu.org; Wed, 19 Nov 2014 18:30:07 +0100 Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 19 Nov 2014 18:30:07 +0100 Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 19 Nov 2014 18:30:07 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 23 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) Cancel-Lock: sha1:sQAPZG2xaqEvXQwAkOHo/TPONyo= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177792 Archived-At: On Wed, 19 Nov 2014 17:53:07 +0100 Lars Magne Ingebrigtsen wrote: LMI> Ted Zlatanov writes: >> Does it deprecate `gnutls-verify-error'? If so, we should note that. LMI> No, all the boot-time checks are still in there, so if the user wants to LMI> use the gnutls built-in checking stuff instead of the NSM for some LMI> reason or other, that's still possible. I'd rather deprecate it in favor of `nsm-security-level', especially if you're OK with the ability to set the level per host or subnet, and per service. The `gnutls-verify-error' checks are all 'medium I think. (And I'd name or alias that NSM variable to `network-security-level' because "nsm" means nothing to a new user, assuming NSM will be loaded by default.) (Oh, and I'd make `nsm-save-host-names' t by default, because your worries about information leakage are in the 'high or above security level IMO :) Parenthetically Ted