From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Network security manager Date: Mon, 17 Nov 2014 19:55:20 +0100 Message-ID: References: <87wq6uj5gt.fsf@lifelogs.com> <87k32tkh1x.fsf@lifelogs.com> <87bno5ke49.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1416250583 7916 80.91.229.3 (17 Nov 2014 18:56:23 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 17 Nov 2014 18:56:23 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Nov 17 19:56:17 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XqRTE-00089g-VC for ged-emacs-devel@m.gmane.org; Mon, 17 Nov 2014 19:56:17 +0100 Original-Received: from localhost ([::1]:49728 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqRTE-0005HS-GO for ged-emacs-devel@m.gmane.org; Mon, 17 Nov 2014 13:56:16 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44291) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqRSs-0004sv-11 for emacs-devel@gnu.org; Mon, 17 Nov 2014 13:55:59 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XqRSm-0002KX-Ne for emacs-devel@gnu.org; Mon, 17 Nov 2014 13:55:53 -0500 Original-Received: from hermes.netfonds.no ([80.91.224.195]:38940) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqRSm-0002KR-Gu for emacs-devel@gnu.org; Mon, 17 Nov 2014 13:55:48 -0500 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1XqRSK-0005CT-Ou for emacs-devel@gnu.org; Mon, 17 Nov 2014 19:55:20 +0100 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAG1BMVEX1tEnBGAbgbySWAACT AACuAwCYAACVAADNNw9GWJ9RAAACY0lEQVQ4jV2TQYvbMBCF1cBCjqsFQY6JoJBrkSufi4V1XQXG 5Lore9y7TXxdG7boZ3ckOdu4Y0jw+zwjaTSP7aQMnOKwSMZ28swBoPHGpJeZQJAJBAGA2BI4MiZD 4IcE6BsBDeK4gnOgkPIYc6NemgyoAMUiaYFUSJk7iBk8zLPABlBrk4DMCZx3AtqqznUiWI5puwIE GMAR/biCEDeyRluYek0wDHjSmg7BPAaLajqRwS3AHHXdVlswkerRF6YYt8ASKPOZtkATUBq3nxtd EPA4KCpFMU1ZrhS2BEq02qtB+1HnjVW0as8U+nqsSqU9FqipolU16SPziLawY6ULa+JFqEFZVIVh pirTwnb9GcopSexxL0NppkGVxvotUIp2NWk9jnEYHvTccVp6nB6AtapMq1SoRrvJyIfvS2rRI6jW pvQ33d9s8QWqYTSpLcNwa7Vv/wFftm38r2/YI/blHVDbCjo7XTqpWlATzZCK06svfrWo+wYbdF3P zJQbSpOpfmKHCAjde6NZ3qXNN//nRwfv9LwJZOl2iilmvOHp95VfxcXBp6M7p1bWfQMNXIFfxOUq HBczxPEpjNY0cuA+X65Pr87RtB4INHRfXUfTe4Lvr/DkAhWiIWQddg12EBYCp4vYw0ylIgDo6OGL 5Hu+fxFSEHARuE9wLlr2eb87LfzC85ATcOCel/N5t5DTZu44fU6+cGwJH+z48W0+L4FcPacEWiWw GB8LeY1K82QtcGTuDNg5mcplazlydjQ9xexoY/dwSxaTDHgHVH3VJWSzfen3hORLam2XZB4y2MnV g+Xtf/AX9+hDfBmmHOoAAAAASUVORK5CYII= X-Now-Playing: The Cure's _Kiss Me, Kiss Me, Kiss Me_ X-Hashcash: 1:23:141117:emacs-devel@gnu.org::DfZkoZQAt8w9RQzP:000000000000000000000000000000000000000000Ksp8 In-Reply-To: <87bno5ke49.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 17 Nov 2014 11:04:22 -0500") User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) X-MailScanner-ID: 1XqRSK-0005CT-Ou MailScanner-NULL-Check: 1416855321.14141@xcHMzapa9ZyhBUGDN5P3Jw X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.224.195 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177473 Archived-At: Ted Zlatanov writes: > Generally we could distinguish between POP3 and SMTP and IMAP and such, > where self-signed certificates are common, and HTTP/S and generic > connections, where they aren't. Does that seem reasonable? The default things we warn about may differ per protocol. For instance, I don't really think that anybody expects (or cares) whether their SMTP connections are encrypted, or whether that encryption is based on a self-signed or expired certificate. While they certainly do care with HTTPS, and probably with POP3, I think. So there will be a range of security actions we can take here, and in addition, the user should be allowed to have `low', `medium', `high' and `professional-security-professional', I mean `paranoid', settings. > I'd add a CLI option --insecure/-k (same as curl) to override the > default, but no more than that, and without special --batch behavior. Yes, that might be nice. > Can you please work against emacs-24? It's easy enough to apply the > changes to master if that's the final decision and I don't think master > has anything you need. Except maybe the read-only text property thing > you added. This won't need that, and, yes, I'm doing this based on the emacs-24 tree. I mean, if I said the right thing to git just now. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no