From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Garreau\, Alexandre" Newsgroups: gmane.emacs.devel Subject: Re: Network security manager Date: Wed, 19 Nov 2014 13:05:29 +0100 Message-ID: <87ioibmm46.fsf@galex-713.eu> References: <85a93pj1n5.fsf@stephe-leake.org> <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk> <87a93oilxl.fsf@lifelogs.com> <87fvdg6xnn.fsf@alrua-karlstad.karlstad.toke.dk> <878uj86wr4.fsf@alrua-karlstad.karlstad.toke.dk> <87r3x05fze.fsf@alrua-karlstad.karlstad.toke.dk> <87d28k5f17.fsf@alrua-karlstad.karlstad.toke.dk> <87wq6r4tii.fsf@alrua-karlstad.karlstad.toke.dk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Trace: ger.gmane.org 1416398774 21864 80.91.229.3 (19 Nov 2014 12:06:14 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 19 Nov 2014 12:06:14 +0000 (UTC) Cc: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= , emacs-devel@gnu.org To: Lars Magne Ingebrigtsen Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Nov 19 13:06:07 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xr41P-0005FH-88 for ged-emacs-devel@m.gmane.org; Wed, 19 Nov 2014 13:06:07 +0100 Original-Received: from localhost ([::1]:57709 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xr41O-0000Ne-QT for ged-emacs-devel@m.gmane.org; Wed, 19 Nov 2014 07:06:06 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48678) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xr414-0000NZ-9D for emacs-devel@gnu.org; Wed, 19 Nov 2014 07:05:51 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xr40z-0007Dy-36 for emacs-devel@gnu.org; Wed, 19 Nov 2014 07:05:46 -0500 Original-Received: from bar75-1-78-192-124-148.fbxo.proxad.net ([78.192.124.148]:56016 helo=galex-713.eu) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xr40y-0007Dr-R7 for emacs-devel@gnu.org; Wed, 19 Nov 2014 07:05:41 -0500 Original-Received: from X60T713 (71.45.142.88.rev.sfr.net [88.142.45.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: galex-713) by galex-713.eu (Postfix) with ESMTPSA id 842FF15F660; Wed, 19 Nov 2014 13:05:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=galex-713.eu; s=dkim; t=1416398739; bh=AJ2VR8xuXpaIx5f02izqezEc+EoDtehUazm02wjI3qQ=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=m2XsyO4tfexbw8dS8inrExk+GaJMHPVR6kfQkhkAtHTl+c+YkZk+TukA2dYpT3HBO iwQ2+IUcIu+dsaB4gKZTy6IrH5bN0FGWIyzGVSj9IWPGKJeUvLllwFOQSdVsGSAPZx FsLhZ8BtMJg7zIw5SHGLfQuZnho37B2OcjH7EjlM= User-Agent: Gnus (5.13), GNU Emacs 24.4.1 (i586-pc-linux-gnu) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAAABGdBTUEAALGPC/xhBQAAADBQ TFRFAAAAAAAAAAAAAAAAAAAAAQEBAQEBAgICBAQEFRUV////////////////////////2mBkLQAA ABB0Uk5TAAAAAAAAAAABCU2g0Pr+/CTJwSkAAAABYktHRACIBR1IAAABkUlEQVRIx82W0XLEIAhF nbx5QfP/f1sVUVSStvvSOrObrOEI1yBsuH45wl8AAHEdRMD3QDHOZjDhFQClvI20IRaIYl5Wvdu1 e0uIPgDWBVGuhYW6ZHhAsxf/5Y6ofCTKlQjWPsl8cZBRvlhCQbJEMPY6S9U2coupE7R7iMa+rkgN o/FmDg0Y8fSI1qljl5CGf3Gm0p8A414dtBuOPlAcTO+koVi3G7A4SOMHeTGFHi2OiB5khx7sZSXH eU8PwCKZjJxDdpB5K9kNbwGMhJY386kTkwB39NcsP294QDKS7caYPfYB5NeRDg30DvAO1AgSL8PM TGBsK+UjZHPwJqAvrkre970WEDgAq2TeU2FkIE1ARZDzYkcG6is16d0kH0DspwJml/oBQnbPpGRg 08fLEfUkz2xBXoCWAp5kzcBicFtAcwIeUGVzW9AAkaROu4DUdCxAL8V+l5JyvAG2GO8e5MkO2HJ/ NCXGdQLSCbYOZRrKCVwR2rJquUbtpmm2rNhmH5tiSj9oih+03Q8a+z/4c/IFGNsy9Qwqrr0AAAAA SUVORK5CYII= X-Home-Page: https://www.galex-713.eu X-GPG-FINGERPRINT: E109 9988 4197 D7CB B0BC 5C23 8DEB 24BA 867D 3F7F X-GPG: 0x8DEB24BA867D3F7F X-Accept-Language: fr, it, en, eo In-Reply-To: (Lars Magne Ingebrigtsen's message of "Wed, 19 Nov 2014 09:55:00 +0100") X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 78.192.124.148 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177738 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2014-11-19 at 09:55, Lars Magne Ingebrigtsen wrote: > Toke H=C3=B8iland-J=C3=B8rgensen writes: >> Finally, GnuTLS has the ability to generate ASCII art of the certificate >> public key, like this: >> >> Public key's random art: >> +--[ RSA 4096]----+ >> | ..o .| >> | ooo.o| >> | .o..o| >> | . o + .| >> | . S =3D E | >> | o . o . | >> | =3D o . o | >> | B .. .... | >> | .+ oo..o++ | >> +-----------------+ > > Unfortunately, this seems to have been introduced in a later version of > the library than what I have on my development machine, so I haven't > been able to test. > >> Supposedly, this should make it possible to verify a certificate at a >> glance (relying on human visual memory being superior to our ability to >> recognise long strings of alphanumericals). Might be worthwhile to >> include this in (some of) the popups? Can't really figure out if I think >> it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli >> uses it... The function is gnutls_random_art(). > > Yeah, I don't know either whether it's useful. Does anybody else have > an opinion? Anybody ever found the "random art" handy? Hexadecimal fingerprint are hard to check. At least if someone want to take less time she just check some last or first characters, and that can be easily faked, and is not secure. There=E2=80=99s no way with an hexadecimal string to do a =E2=80=9Cglobal approximative check=E2=80=9D, wh= at could really accord security with a fingerpint. ASCII art, and images in general, are really easily checkable, it takes only 2s, and done. It also exists in graphic, it=E2=80=99s named vizhash: it just compute simple colored (shaped or not) forms (triangles, circles=E2=80= =A6) according output of long hash functions. It=E2=80=99s *really* efficient to check things. I=E2=80=99d love to see Emacs being the pioneer of introducing this nice fe= ature to the end user, GNUnet should be the next. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJUbIeJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMTA5OTk4ODQxOTdEN0NCQjBCQzVDMjM4 REVCMjRCQTg2N0QzRjdGAAoJEI3rJLqGfT9/VVQP/jygJqKpJXBcqJwu4585JIJQ VrsmW5mNEI7TFvV1s9vLcZkUl+Ihy0neE4TyhkrhxHIyzNE8kfhsVIeeGrm8YqLh horz345RCkRd787LPKNsmTqjw4ktoDavHoFmvKwRE8JIkX2d8KV7yejoaGeIKRVW NEisT70x0MYx+24t9TXG+u+FD5yYQQgI3MKaYpT2lrM9ITrilFT76z9l7+DA2P2d 8/INAoETZ/1iY0FZ6fKHzQEHLYWFMKDGeN9CgGNfVt9XhXDdRzGOWqJuesjdPhaD AcQoB5RaG+GIf0R6/uuMlGlmXnA/bhcIYcnyHRw1MQ4ztTeqSZu8CGdm/Zf7H9RR SKYZloY0yuDGq4ca2xVCF0fEIUJMMSRqzwfcTYdOB8Ef10rg4JQnBooOhZT5mMSQ 2VICfo5p0LoB8oZZrsPUdRG91BUmCQOeGCzDKlSkxe/wRjeXTU57MlzjiTFD4m8y /NDIj/6n6+4lFd2Dz4uMnYnyH0lg26lVb0AnTlNavuZ1FrFW+8wn/nJ9y/Md+AG5 g6wzmwbgQtRWRUc2yAUdPEdFxwH56/B/o3/7w5ugNkDqPu9PNA1ZigTGjNPPVsBo Urz/qauUg/SKvQv1RwJJNZF3p7wGY8g1zvw20kQcPLhdHRO6/v0uHXIBM4D9NUr3 1O7RuEIUQtvE6ziQcn4W =gMAa -----END PGP SIGNATURE----- --=-=-=--