unofficial mirror of emacs-devel@gnu.org 
From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Lars Magne Ingebrigtsen <larsi@gnus.org>
Cc: Stephen Leake <stephen_leake@stephe-leake.org>,
	Kelvin White <kwhite@gnu.org>,
	Emacs development discussions <emacs-devel@gnu.org>
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 11:12:32 +0100
Message-ID: <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk>
In-Reply-To: <m3bno5igmh.fsf@stories.gnus.org> (Lars Magne Ingebrigtsen's message of "Mon, 17 Nov 2014 23:53:10 +0100")

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> But here's the feedback I need:

Haven't tested the code, but feel like I can weigh in on some of this:

>   if (verification & GNUTLS_CERT_INVALID)
>     warnings = Fcons (list2 (intern (":invalid"),

As far as I can tell from the GnuTLS example code, this is a flag that
GnuTLS sets when a cert is not trusted, rather than when it's malformed
(as I would have guessed from the name)? I.e. it doesn't ever appear on
its own?

>   if (verification & GNUTLS_CERT_REVOKED)
>     warnings = Fcons (list2 (intern (":revoked"),

This should probably be treated as fairly suspicious, since if the cert
has been explicitly revoked, there's probably a reason (not sure how
GnuTLS determines this second one; does it do OCSP revocation checks?).
So carrying on would probably be... ill-advised. Perhaps by default fail
this completely (rather than ask), and optionally have a variable option
to override it?

>   if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
>     warnings = Fcons (list2 (intern (":signer-not-found"),
>   if (verification & GNUTLS_CERT_SIGNER_NOT_CA)
>     warnings = Fcons (list2 (intern (":self-signed"),

Not sure which of these would indicate the common self-signed case?
Could probably be both...


>   if (verification & GNUTLS_CERT_INSECURE_ALGORITHM)
>     warnings = Fcons (list2 (intern (":insecure"),

I'd default to failing here as well; incidentally, does Emacs check the
cipher mode of the connection itself (I'm assuming this warning pertains
to the certificate itself, not the connection encryption)? I have (setq
gnutls-algorithm-priority "PFS") in my .emacs, but AFAIK that is not the
default (and it does fail in some cases). For instance, in light of
POODLE, turning off SSLv3 completely would probably be a good idea, at
least as a default?

>   if (verification & GNUTLS_CERT_NOT_ACTIVATED)
>     warnings = Fcons (list2 (intern (":not-activated"),

This would probably be an issue with the clock?

>   if (verification & GNUTLS_CERT_EXPIRED)
>     warnings = Fcons (list2 (intern (":expired"),

I would expect this to be mostly benign (someone forgot to replace a
cert), but can also indicate someone stole an old cert and is using it
to MITM...

> Which one is the real "self-signed" message? It's an important
> distinction between a self-signed certificate and a forged
> certificate...

An important distinction, yes, but not one that can be made in general.
The main indicator of a forged certificate is if the presented
certificate does not match the one that is stored for the connection.
If it does, it's a possible forgery; if not, it's (probably) fine.
In the presence of rogue CAs, there's not really a better distinction to
be made, in the worst case.

However, in terms of UI we might be able to do a bit better. I'd advise
taking a look at the Certificate Patrol firefox extension
(http://patrol.psyced.org/), which does some heuristics to determine if
a changed certificate is benign or not. The main thing it does is to
look at the expiration date of the stored certificate; if that is
expired (or close to being), and the new certificate has the same CA as
the old one, it pops up a notice and continues. Otherwise, it interrupts
the connection and pops up a warning dialog with the changes highlighted
(including certificate fingerprint, CA chain etc). The common case
should be that an expired certificate is simply renewed with the same
CA, and this probably shouldn't be cause for alarm. The trouble is that
some popular sites use multiple certificates simultaneously
(corresponding to different endpoints in a server farm, I assume), which
can give some spurious popups from this algorithm.

Distinguishing these types of errors requires storing more than just the
certificate fingerprint, of course, so don't know if it's worth it. If
not, I'd treat any deviation from the stored value as suspicious.

There's also the issue of ports and addresses: If I connect to a mail
server on port 993 and get a certificate, there's a chance the same
certificate is also used for submitting mail on port 587. If so, warning
again could be avoided. On the other hand, folding the stored
certificate into just being stored per hostname would fail if it is
*not* the same certificate being used. So maybe treating ports as
completely separate (as I think you're doing now?) is best.

Finally, doing DANE verification (and trusting that more than the CA)
would be nice; but not sure how viable it is presently.


Sorry if that got a bit long; there seems to be quite a lot of cases to
consider here.

Will give the code a spin when I have chance :)

-Toke
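The Certificate Patrol-style change heuristic and the per-host:port pinning discussed in the message above, written out as an added example. This is not Emacs or NSM code and not the Firefox extension's own implementation; the field names on CertInfo, the 30-day renewal window and the sample certificates are assumptions made for the example. It also goes a little beyond the text: several certificates may be accepted for one host:port, so a server farm that alternates between a few known certificates does not re-prompt on every connection.

```python
"""Added example: trust-on-first-use certificate pinning keyed by host:port,
with a Certificate Patrol-style heuristic for deciding whether a changed
certificate looks like a routine renewal or something to interrupt on.
Not Emacs/NSM code; field names, window and sample data are assumptions."""
import datetime as dt
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Verdict(Enum):
    FIRST_SEEN = "first-seen"   # no pin for host:port yet: remember it, continue
    UNCHANGED = "unchanged"     # fingerprint matches a previously accepted cert
    RENEWED = "renewed"         # looks like a routine renewal: notify, continue
    CHANGED = "changed"         # anything else: interrupt and show the differences


@dataclass(frozen=True)
class CertInfo:
    """The subset of a certificate the heuristic needs (assumed field names)."""
    fingerprint: str        # e.g. hex SHA-256 over the DER encoding
    issuer: str             # issuer DN, used as the "same CA" signal
    not_after: dt.datetime  # expiry, used as the "was about to expire" signal


# How close to expiry a stored certificate must be before a new certificate
# from the same issuer is treated as a renewal rather than a change (assumed).
RENEWAL_WINDOW = dt.timedelta(days=30)


class PinStore:
    """Pins keyed by (host, port).

    Ports are deliberately separate identities: a certificate accepted on
    993 says nothing about 587, since the server may well use a different
    one there.  More than one certificate may be accepted per key.
    """

    def __init__(self) -> None:
        self._pins: Dict[Tuple[str, int], List[CertInfo]] = {}

    def check(self, host: str, port: int, presented: CertInfo,
              now: dt.datetime) -> Verdict:
        key = (host.lower(), port)
        accepted = self._pins.get(key)
        if not accepted:
            self._pins[key] = [presented]
            return Verdict.FIRST_SEEN
        if any(c.fingerprint == presented.fingerprint for c in accepted):
            return Verdict.UNCHANGED
        # Certificate Patrol-style heuristic: a stored certificate that has
        # expired (or is about to) being replaced by one from the same issuer
        # is the common renewal case, so notify and carry on.
        for old in accepted:
            expiring = old.not_after - now <= RENEWAL_WINDOW
            if expiring and old.issuer == presented.issuer:
                accepted.append(presented)
                return Verdict.RENEWED
        # Unexplained change: do not pin it; the caller interrupts and asks.
        return Verdict.CHANGED

    def accept(self, host: str, port: int, presented: CertInfo) -> None:
        """Record a certificate the user explicitly chose to trust anyway."""
        self._pins.setdefault((host.lower(), port), []).append(presented)


def diff_fields(old: CertInfo, new: CertInfo) -> Dict[str, Tuple[str, str]]:
    """Fields to highlight in a warning dialog: name -> (old, new)."""
    return {
        name: (str(getattr(old, name)), str(getattr(new, name)))
        for name in ("fingerprint", "issuer", "not_after")
        if getattr(old, name) != getattr(new, name)
    }


def demo() -> List[str]:
    """Run the heuristic over constructed sample certificates."""
    now = dt.datetime(2014, 11, 18, 10, 12)          # constructed clock
    ca = "CN=Example CA,O=Example"                   # constructed issuer DNs
    old = CertInfo("aa" * 32, ca, dt.datetime(2014, 12, 1))   # expires in 12 days
    renewed = CertInfo("bb" * 32, ca, dt.datetime(2015, 12, 1))
    other = CertInfo("cc" * 32, "CN=Other CA", dt.datetime(2015, 12, 1))
    store = PinStore()
    return [
        store.check("imap.example.net", 993, old, now).value,      # first-seen
        store.check("IMAP.example.net", 993, old, now).value,      # unchanged
        store.check("imap.example.net", 587, old, now).value,      # first-seen (other port)
        store.check("imap.example.net", 993, other, now).value,    # changed (different CA)
        store.check("imap.example.net", 993, renewed, now).value,  # renewed (same CA, expiring)
        store.check("imap.example.net", 993, old, now).value,      # unchanged (farm rotates back)
    ]


if __name__ == "__main__":
    print(demo())
```

The renewal branch only fires when the stored certificate is near or past expiry; a same-issuer replacement of a certificate with a year left still comes back as CHANGED, which is the conservative choice the message argues for when nothing explains the change.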


