From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Lars Magne Ingebrigtsen <larsi@gnus.org>
Cc: emacs-devel@gnu.org
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 07:03:01 +0100
Message-ID: <87wq6r4tii.fsf@alrua-karlstad.karlstad.toke.dk>
In-Reply-To: <m3mw7oruge.fsf@stories.gnus.org> (Lars Magne Ingebrigtsen's message of "Tue, 18 Nov 2014 23:54:09 +0100")

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Things that require extensive customisations almost never get used, so
> I'm not sure it's worth it.

Well it would default to something sensible, of course. I'd use it ;)

> Pushed now.

Okay, so the initial prompt on paranoid level works. Would be nice if
the initial prompt popped up the same certificate information as the
other confirmation prompts, to make it easier to verify that it's the
right certificate. That goes for when the fingerprint changes as well, I
suppose...

Once the fingerprint is stored, though, it fails in weird ways. I tried
manually modifying the fingerprint in the network-security.data file (to
make verification fail). This elicits this behaviour:

- On security levels high and paranoid, verification just fails silently
  (open-network-stream returns nil), with no option to update the stored
  fingerprint.

- On security levels low and medium, verification *succeeds*, even
  though a fingerprint is stored that does not match the certificate.

I would consider especially the second point to be a big no-no; even if
the security level is subsequently lowered, having a stored fingerprint
should take precedence and fail the verification. Maybe the "continue
anyway" could cause the stored fingerprint to be removed, but just
continuing regardless is bad IMO.

Finally, GnuTLS has the ability to generate ASCII art of the certificate
public key, like this:

Public key's random art:
+--[ RSA 4096]----+
| ..o .|
| ooo.o|
| .o..o|
| . o + .|
| . S = E |
| o . o . |
| = o . o |
| B .. .... |
| .+ oo..o++ |
+-----------------+

Supposedly, this should make it possible to verify a certificate at a
glance (relying on human visual memory being superior to our ability to
recognise long strings of alphanumericals). Might be worthwhile to
include this in (some of) the popups? Can't really figure out if I think
it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
uses it... The function is gnutls_random_art().

-Toke
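
The pin-precedence behaviour requested in the message above, as an added Emacs Lisp sketch; it is not part of the original message and is not code from Emacs's network security manager. Every name (`pin-demo-store`, `pin-demo-check`, the `confirm` callback), the host and the fingerprints are hypothetical, and prompting on first contact only at the paranoid level is an assumption made for this model.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration of "a stored fingerprint takes precedence over the
;; security level".  All names are hypothetical; this is not nsm.el.

(defvar pin-demo-store (make-hash-table :test #'equal)
  "Constructed pin store mapping \"host:port\" to a fingerprint string.")

(defun pin-demo-check (host port fingerprint level &optional confirm)
  "Decide whether a connection to HOST:PORT presenting FINGERPRINT may proceed.
LEVEL is one of `low', `medium', `high' or `paranoid'.  CONFIRM, if
non-nil, is called with (REASON HOST PORT OLD NEW) and returns non-nil
when the user accepts.  Returns `accept', `reject-mismatch' or
`reject-unconfirmed'."
  (let* ((id (format "%s:%d" host port))
         (stored (gethash id pin-demo-store)))
    (cond
     ;; A stored pin that matches is accepted at every level.
     ((and stored (string= stored fingerprint)) 'accept)
     ;; A stored pin that does NOT match is handled before LEVEL is even
     ;; looked at, so lowering the level later cannot turn it into a pass.
     (stored
      (if (and confirm
               (funcall confirm 'changed host port stored fingerprint))
          ;; Explicit user decision: replace the pin, then continue.
          (progn (puthash id fingerprint pin-demo-store) 'accept)
        'reject-mismatch))
     ;; No pin yet.  Assumption: only `paranoid' asks on first contact.
     ((eq level 'paranoid)
      (if (and confirm
               (funcall confirm 'first-seen host port nil fingerprint))
          (progn (puthash id fingerprint pin-demo-store) 'accept)
        'reject-unconfirmed))
     (t 'accept))))

;; Constructed sample data: a pin exists, then the server presents
;; a different fingerprint and nobody confirms the change.
(puthash "mail.example.org:993" "aa:bb:cc" pin-demo-store)
(dolist (level '(low medium high paranoid))
  (message "%-8s -> %s" level
           (pin-demo-check "mail.example.org" 993 "11:22:33" level)))
```

Passing a `confirm` function that shows both the stored and the presented fingerprint gives the user the explicit choice to update the pin, rather than a silent failure.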