From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 18:28:26 +0100
To: emacs-devel@gnu.org
In-Reply-To: <87a93oh180.fsf@lifelogs.com> (Ted Zlatanov's message of "Tue, 18 Nov 2014 12:23:27 -0500")

Ted Zlatanov writes:

> LMI> 1) Drop certificate checking for images in shr. I mean, do we care?
>
> I think we care.

What are the security implications of inserting an image from a source
we can't validate? 99% of the images aren't over TLS, anyway, and
aren't validated...

> LMI> 2) If being run from the async context (how do we check for that?),
> LMI> refuse to handle insecure TLS connections silently.
>
> Works for me, as long as the errors are reviewable in the NSM. I should
> be able to go somewhere and hit a button "allow this cert from now on".

shr should really insert "broken image" markers into the buffers (and
"loading images"), and then the user could just hit RET on one of the
broken images and then get queried about the certificate
interactively...

Which reminds me: We need a way to determine that Emacs is running
non-interactively as well as being run from an async context. What's
the way to do that?

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no