From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 19:10:23 +0100
Organization: Programmerer Ingebrigtsen
Message-ID: <m3lhn8crcg.fsf@stories.gnus.org>
References: <m3zjbqouyk.fsf@stories.gnus.org>
	<jwvk32uq67g.fsf-monnier+emacs@gnu.org>
	<85a93pj1n5.fsf@stephe-leake.org> <m3oas5am0b.fsf@stories.gnus.org>
	<CAG-q9=Z7_T1-AYz=pYjvJeg1BM1i9VjYAu76V_pD5F7MpR8a2A@mail.gmail.com>
	<m3bno5igmh.fsf@stories.gnus.org>
	<87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk>
	<87a93oilxl.fsf@lifelogs.com> <m3h9xw5xyd.fsf@stories.gnus.org>
	<87oas4h555.fsf@lifelogs.com> <m3d28kfpte.fsf@stories.gnus.org>
	<8761ech0zm.fsf@lifelogs.com> <m3tx1we7hi.fsf@stories.gnus.org>
	<87tx1wflnw.fsf@lifelogs.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1416334272 7752 80.91.229.3 (18 Nov 2014 18:11:12 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 18 Nov 2014 18:11:12 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 19:11:06 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XqnF1-0002xu-1h
	for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 19:11:03 +0100
Original-Received: from localhost ([::1]:54631 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XqnF0-00088J-Gc
	for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 13:11:02 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47986)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1XqnEg-000885-Lj
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 13:10:48 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1XqnEY-0006KP-Sm
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 13:10:42 -0500
Original-Received: from plane.gmane.org ([80.91.229.3]:59289)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1XqnEY-0006KD-DY
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 13:10:34 -0500
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1XqnEW-0002mt-Tm
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 19:10:32 +0100
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Tue, 18 Nov 2014 19:10:32 +0100
Original-Received: from larsi by cm-84.215.51.58.getinternet.no with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Tue, 18 Nov 2014 19:10:32 +0100
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 19
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: cm-84.215.51.58.getinternet.no
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAElBMVEWkb2iKfqC7qK+EFwmy
	UzKtNRbH67YOAAACS0lEQVQ4jU2TTXLDIAyFBXH3ltMDGJoDOKOwp7bYt2O4/1X6hJ2kLDwefTx4
	+oGktaY5TjOzmybmKTCPzExXxLH8NMUwzQ7AjYx/mquWTUR5phgDVNjdwahaRJIyESTMceoo0EN1
	T3vNtJC3raDRCOEk0apZRDZ3BegrBFKVVItuorssHJ8LYEsNANc/9sW28qEi3FDh9orPlhDgp6Js
	SOQ7TAbEDB8CmP9ora7zDHdqkRN8EQOU6r9a1dXiIZ6KEQJsHqwsgV9rJAVoBltbYyfxAAi2/YDR
	x7cEADm3vZaWb/oGVztqN1VJftD1eYvzKIkWdKTVn1k1v67vAIEIx/E/EKrenNKA7FDkf+AxH6I1
	zqWq69E4maL0Wxrq+QI8TQAIAyQdstaBCONwA75bgukwlkm/CVNCAyrgqexiomLDdcsOVeRPj8ZT
	srkqbWvVWyI998+wOOKG2y31DFtoCTqFqXKB2A5CDXWdbyew4jK5amZx3hqHZul0v5e7mbe4tVeb
	1+aCTbW4N0ATS2z1+6gI8tAnyKjXR089MBT1BCAoWjlrIkz5BDa/qvVZ3EB0Ckp/P78neATyB5AO
	Gk6yURmXF8DQ4YZ6Ts94B+jpYSDQmLLaI7MZgat8KlLDj4YOlgvA4wWszGvPYpA7U8JLkvQPjDSK
	AVGMotnqIM9s3RXXwS44/1BgGsi5sQM4SvXWAQg6J3IRAkiwuj5BxgzAkyjRbhFf8K14W7qkOo4X
	2QBwViUDbYBYfrNcHiJESVKqAyZOfi6glpxWkfAH6nXXIJhBst0AAAAASUVORK5CYII=
Mail-Copies-To: never
X-Now-Playing: Talking Heads's _Once In A Lifetime (2)_: "Girlfriend Is Better"
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)
Cancel-Lock: sha1:TdDvDWTYn8CQr5fdxJ15nWeN9Mw=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.229.3
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:177618
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/177618>

Thinking about it a bit more, I see one security implication when
downloading images in eww without verifying the certificates.

Let's say you've logged in to https://example.com so you have a login
cookie.  Somebody could man-in-the-middle you between when you've loaded
the HTML and when you're loading the images from https://example.com,
and then you will be sending your login cookie to that man who sits
there in the middle.

This is the sort of scenario that Professional Security Professionals
love.

So...  failing and leaving a "broken image" icon in the buffer is
probably the safe thing to do.  (It's what all other browsers do.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no