From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= Newsgroups: gmane.emacs.devel Subject: Re: Network security manager Date: Wed, 19 Nov 2014 07:03:01 +0100 Message-ID: <87wq6r4tii.fsf@alrua-karlstad.karlstad.toke.dk> References: <85a93pj1n5.fsf@stephe-leake.org> <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk> <87a93oilxl.fsf@lifelogs.com> <87fvdg6xnn.fsf@alrua-karlstad.karlstad.toke.dk> <878uj86wr4.fsf@alrua-karlstad.karlstad.toke.dk> <87r3x05fze.fsf@alrua-karlstad.karlstad.toke.dk> <87d28k5f17.fsf@alrua-karlstad.karlstad.toke.dk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1416377021 2836 80.91.229.3 (19 Nov 2014 06:03:41 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 19 Nov 2014 06:03:41 +0000 (UTC) Cc: emacs-devel@gnu.org To: Lars Magne Ingebrigtsen Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Nov 19 07:03:34 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XqyMW-000493-7V for ged-emacs-devel@m.gmane.org; Wed, 19 Nov 2014 07:03:32 +0100 Original-Received: from localhost ([::1]:56630 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqyMV-0007Fr-KF for ged-emacs-devel@m.gmane.org; Wed, 19 Nov 2014 01:03:31 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:54568) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqyMF-0007Fm-2k for emacs-devel@gnu.org; Wed, 19 Nov 2014 01:03:19 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XqyM9-0004bn-S4 for emacs-devel@gnu.org; Wed, 19 Nov 2014 01:03:15 -0500 Original-Received: from mail2.tohojo.dk ([77.235.48.147]:52135) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqyM9-0004bV-KH for emacs-devel@gnu.org; Wed, 19 Nov 2014 01:03:09 -0500 X-Virus-Scanned: amavisd-new at mail2.tohojo.dk Original-Received: by alrua-karlstad.karlstad.toke.dk (Postfix, from userid 1000) id D7CF41E63B1; Wed, 19 Nov 2014 07:03:01 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toke.dk; s=201310; t=1416376606; bh=SWyNP5/M8R1sjY8KuqQMPSgRD/qSW61RpvO+PAgm6qE=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=qKOW19k+R/tc3OXjMD3ZAVuvmrTvWMiX5Ftm6LucpcX5WHrQwd1DsDOPfHcQjB4yF CIW04ImuUvplB9Pcc8WY5mx/JrX4ETfRPMalXOAVNBjp5iixHes62irisxQbCL4HXe LgvbL474jK64weyioCBOz9t7Z3JDYfobxCj3Z3A8= In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 18 Nov 2014 23:54:09 +0100") X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 77.235.48.147 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177714 Archived-At: Lars Magne Ingebrigtsen writes: > Things that require extensive customisations almost never get used, so > I'm not sure it's worth it. Well it would default to something sensible, of course. I'd use it ;) > Pushed now. Okay, so the initial prompt on paranoid level works. Would be nice if the initial prompt popped up the same certificate information as the other confirmation prompts, to make it easier to verify that it's the right certificate. That goes for when the fingerprint changes as well, I suppose... Once the fingerprint is stored, though, it fails in weird ways. I tried manually modifying the fingerprint in the network-security.data file (to make verification fail). This elicits this behaviour: - On security levels high and paranoid, verification just fails silently (open-network-stream returns nil), with no option to update the stored fingerprint. - On security levels low and medium, verification *succeeds*, even though a fingerprint is stored that does not match the certificate. I would consider especially the second point to be a big no-no; even if the security level is subsequently lowered, having a stored fingerprint should take precedence and fail the verification. Maybe the "continue anyway" could cause the stored fingerprint to be removed, but just continuing regardless is bad IMO. Finally, GnuTLS has the ability to generate ASCII art of the certificate public key, like this: Public key's random art: +--[ RSA 4096]----+ | ..o .| | ooo.o| | .o..o| | . o + .| | . S = E | | o . o . | | = o . o | | B .. .... | | .+ oo..o++ | +-----------------+ Supposedly, this should make it possible to verify a certificate at a glance (relying on human visual memory being superior to our ability to recognise long strings of alphanumericals). Might be worthwhile to include this in (some of) the popups? Can't really figure out if I think it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli uses it... The function is gnutls_random_art(). -Toke