From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Network security manager Date: Tue, 18 Nov 2014 22:06:01 +0100 Message-ID: References: <85a93pj1n5.fsf@stephe-leake.org> <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk> <87a93oilxl.fsf@lifelogs.com> <87fvdg6xnn.fsf@alrua-karlstad.karlstad.toke.dk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1416344807 5015 80.91.229.3 (18 Nov 2014 21:06:47 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 18 Nov 2014 21:06:47 +0000 (UTC) Cc: emacs-devel@gnu.org To: Toke =?iso-8859-1?Q?H=F8iland-J=F8rgensen?= Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 22:06:42 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xqpyw-0000Hh-6Y for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 22:06:38 +0100 Original-Received: from localhost ([::1]:55366 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqpyv-0003xM-PU for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 16:06:37 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:34857) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqpyn-0003tY-JQ for emacs-devel@gnu.org; Tue, 18 Nov 2014 16:06:34 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xqpyi-0005fQ-Cc for emacs-devel@gnu.org; Tue, 18 Nov 2014 16:06:29 -0500 Original-Received: from hermes.netfonds.no ([80.91.224.195]:33652) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqpyi-0005f8-72 for emacs-devel@gnu.org; Tue, 18 Nov 2014 16:06:24 -0500 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1XqpyL-0005QP-Rl; Tue, 18 Nov 2014 22:06:01 +0100 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAD1BMVEUtDBEKBAhGFRiQQTgn CA/UdHkZAAACKUlEQVQ4jZWU69HcIAxFAVMAwiqAhwuwpa8AsOm/pkjYTmYz2R9hZmdkLgIdPdbw l2W+CvCx8LdlYn/NDB1iFiNNYc1gAYIF1O8iwvozBUDkA7a8MYMNyUS4jluAoILs84Ene7edR7gF 8e8lV2ZyxWBoJo1HgACU3UmnR8BgMPVXGFiyvXbY5iHozxsa++g9uA+avwD/rA8hdBte/FsYEDJE iR+rDT1ur4AElcBl8Gu1q114CleGlY9SdkHflpprqtRVcLsKVQB5r8SppKXY+yo0bIVbNPE7a15K xufx3pkTZ90Q7ipnxyMgU6tUUlDWAa2rR3/KhtuAcVtDhEjKAB4gysH7Aq2jkXqtB8Td9iqf1aog UGAGBiYJmBxnKFSqMDAHMD2sQuZmyyCVon7MTh73cprjFPYqJkFXdK2H4/1iLqzwPhX16DjDOL1C 01bbgdpAPJ7smlZ5LySA8rLQe+hKHrXjsMNFpd94w5VJhEPs4YfHcbZxLwWchknGUNva4sdopx9o 1iRmbZTQFdmq26BxkpwMYIcgSnYlVudoazQuCUveyP1iogl4lUoS4FUVMNiowKx8i9SrUF5ewFAW SUXlStfe6g9IJsfT1NoFTOVHird07WEvgyPzIq3izkvS4mf1BOqjRfPX3p0J/YeAWnwVML/zoRY0 7Rrw8ovp9Vi1jQusm5zqDbTdDSykwlAhZkTXgw3zKhn8MGQEwPUoqZfp70E9/vvf5xcJbI7lw6bM FAAAAABJRU5ErkJggg== X-Now-Playing: Talking Heads's _The Name Of This Band Is Talking Heads (Disc 2: 1980-1981)_: "Psycho Killer" X-Hashcash: 1:23:141118:emacs-devel@gnu.org::tYjsHDxfa0FkIHnE:000000000000000000000000000000000000000000FBec X-Hashcash: 1:23:141118:toke@toke.dk::rMZjuEKi0eLyw0ol:00001YIVJ In-Reply-To: <87fvdg6xnn.fsf@alrua-karlstad.karlstad.toke.dk> ("Toke \=\?iso-8859-1\?Q\?H\=F8iland-J\=F8rgensen\=22's\?\= message of "Tue, 18 Nov 2014 21:50:36 +0100") User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux) X-MailScanner-ID: 1XqpyL-0005QP-Rl MailScanner-NULL-Check: 1416949562.05137@llZ2jFg1XjoWBQPf9t9RkQ X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.224.195 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177658 Archived-At: Toke H=F8iland-J=F8rgensen writes: > Tangentially related, one thing I would like to be able to have, is to > have multiple fingerprints stored for the same host,post tuple *at the > same time*. I run into this problem with servers that do round-robin to > different servers with different certs for the same hostname. I'd like > to be able to store all of them at once (by, for instance, connecting a > bunch of times and trusting the certificates one by one, and then know > that after that a mismatch should be considered suspicious). That should be easy to implement -- we can just allow the :fingerprint slot to be a list and check against that. But what would the user interface say? Today it says The fingerprint for the connection to %s:%s has changed from\n%s to\n%s Connect anyway? (no, session only, always) So... erm...=20=20 Connect anyway? (no, session only, always, add new fingerprint) No, that's two "a"'s... --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no