From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 09:55:00 +0100
To: Toke Høiland-Jørgensen
Cc: emacs-devel@gnu.org

Toke Høiland-Jørgensen writes:

> Once the fingerprint is stored, though, it fails in weird ways. I tried
> manually modifying the fingerprint in the network-security.data file (to
> make verification fail). This elicits this behaviour:
>
> - On security levels high and paranoid, verification just fails silently
>   (open-network-stream returns nil), with no option to update the stored
>   fingerprint.
>
> - On security levels low and medium, verification *succeeds*, even
>   though a fingerprint is stored that does not match the certificate.

Sounds like a bug. >"? I'll have a look at it tonight.

> Finally, GnuTLS has the ability to generate ASCII art of the certificate
> public key, like this:
>
> Public key's random art:
> +--[ RSA 4096]----+
> | ..o .|
> | ooo.o|
> | .o..o|
> | . o + .|
> | . S = E |
> | o . o . |
> | = o . o |
> | B .. .... |
> | .+ oo..o++ |
> +-----------------+

Unfortunately, this seems to have been introduced in a later version of
the library than what I have on my development machine, so I haven't
been able to test.

> Supposedly, this should make it possible to verify a certificate at a
> glance (relying on human visual memory being superior to our ability to
> recognise long strings of alphanumericals). Might be worthwhile to
> include this in (some of) the popups? Can't really figure out if I think
> it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
> uses it... The function is gnutls_random_art().

Yeah, I don't know either whether it's useful. Does anybody else have
an opinion? Anybody ever found the "random art" handy?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
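
The random art quoted in the message has the 17x9 layout of OpenSSH's visual host key. The following is an added example, not code from GnuTLS, Emacs or this thread: it implements that "drunken bishop" walk to show how fingerprint bits become the picture and how a one-bit change alters it. It assumes gnutls_random_art() renders the same way; `random_art`, `art_diff` and the fingerprint bytes are constructed for illustration.

```c
#include <stdio.h>

#define FLD_X 17                       /* field width  */
#define FLD_Y 9                        /* field height */
#define ART_LEN (FLD_Y * (FLD_X + 1))  /* rows of FLD_X chars plus '\n' */

static int clamp(int v, int hi) { return v < 0 ? 0 : (v > hi ? hi : v); }

/* Walk the field two fingerprint bits at a time and render the visit
 * counts as symbols. Writes ART_LEN chars plus NUL; returns ART_LEN. */
int random_art(const unsigned char *fp, size_t fp_len, char *out)
{
    static const char sym[] = " .o+=*BOX@%&#/^SE";
    const int end = (int)sizeof(sym) - 2;          /* index of 'E' */
    unsigned char field[FLD_X][FLD_Y] = {{0}};
    int x = FLD_X / 2, y = FLD_Y / 2, n = 0;

    for (size_t i = 0; i < fp_len; i++) {
        unsigned char in = fp[i];
        for (int b = 0; b < 4; b++, in >>= 2) {    /* lowest bit pair first */
            x = clamp(x + ((in & 1) ? 1 : -1), FLD_X - 1);
            y = clamp(y + ((in & 2) ? 1 : -1), FLD_Y - 1);
            if (field[x][y] < end - 2) field[x][y]++;   /* saturate at '^' */
        }
    }
    field[FLD_X / 2][FLD_Y / 2] = end - 1;         /* 'S': start cell */
    field[x][y] = end;                             /* 'E': end cell, wins over 'S' */
    for (int r = 0; r < FLD_Y; r++) {
        for (int c = 0; c < FLD_X; c++) out[n++] = sym[field[c][r]];
        out[n++] = '\n';
    }
    out[n] = '\0';
    return n;
}

/* Number of cells that differ between two renderings. */
int art_diff(const char *a, const char *b)
{
    int d = 0;
    while (*a && *b) d += (*a++ != *b++);
    return d;
}

int main(void)
{
    unsigned char fp[16] = { 0x9b, 0x4c, 0x21, 0xe7, 0x05, 0xd8, 0x3a, 0x6f,
                             0xb2, 0x10, 0xc9, 0x7e, 0x54, 0xa3, 0x8d, 0xf6 };
    char a[ART_LEN + 1], b[ART_LEN + 1];           /* fp is a constructed value */
    random_art(fp, sizeof fp, a);
    fp[0] ^= 0x01;                                 /* flip a single bit */
    random_art(fp, sizeof fp, b);
    printf("%s\n%s\n%d cells differ\n", a, b, art_diff(a, b));
}
```

The frame and key-type label around the field are omitted; only the 9 rows of 17 cells are rendered.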