From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 20:45:17 +0100
Message-ID: <m3lhn8mgxe.fsf@stories.gnus.org>
References: <m3zjbqouyk.fsf@stories.gnus.org>
	<jwvk32uq67g.fsf-monnier+emacs@gnu.org>
	<85a93pj1n5.fsf@stephe-leake.org> <m3oas5am0b.fsf@stories.gnus.org>
	<CAG-q9=Z7_T1-AYz=pYjvJeg1BM1i9VjYAu76V_pD5F7MpR8a2A@mail.gmail.com>
	<m3bno5igmh.fsf@stories.gnus.org>
	<87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1416339974 14354 80.91.229.3 (18 Nov 2014 19:46:14 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 18 Nov 2014 19:46:14 +0000 (UTC)
Cc: Emacs development discussions <emacs-devel@gnu.org>
To: Toke =?iso-8859-1?Q?H=F8iland-J=F8rgensen?= <toke@toke.dk>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 20:46:09 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xqoj2-0000yl-Bs
	for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 20:46:08 +0100
Original-Received: from localhost ([::1]:55043 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xqoj1-0008Ch-Ol
	for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 14:46:07 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44823)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1Xqoid-00088s-75
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 14:45:48 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XqoiY-0006Gj-4E
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 14:45:43 -0500
Original-Received: from hermes.netfonds.no ([80.91.224.195]:51708)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XqoiX-0006G9-JP
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 14:45:37 -0500
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
	helo=stories.gnus.org)
	by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>)
	id 1XqoiD-0004RQ-Oz; Tue, 18 Nov 2014 20:45:17 +0100
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEVUCQZ2hNYiSrgsWsiB
	j+AiUMEyOochRa5Ua78+JkYlV8ext+p/frshAAACVklEQVQ4jV2RsYvbMBTG35pR1EOObg7qteNV
	BK7ZTDUUvCUIiqf2CopNtwzVdfSlNbotUFDOcwgUb4XQRf9c35PsnNMP4iTvp+97T8/g7PTKMsYS
	6aWU3k+ZRSUZuJpNWVDCsvzkMza1dZJ7eKLjGZNB3ntJR04IyppAInNPUTIjr/QnCSEko/opgox5
	TGVAhhBzkoGwXHo6DDQPKUQNrggkIU998zFIzvOQApAByBCd+wsiMwnjqh9hGDqPixl2Ab4UvOgW
	XXcQQmxt1FYIMK+tbeyD6g639J/KggT3dm63W9X99h+s6LrjQURB+0XxlSq6IKxuz2C9+TFXqjgq
	Ajf5KZJbePr6U6G6TvWWqBv4+10EcFTHWMcZFmq2hId3s5QjKQaD9++vjeHwyqRpylfBv8BPPTXG
	bFIFbj9D0iffJtg8+A5QOrxSms6Q1biQTJzHLW1TVncz/P0Sga37i4DWtnV6wz/2i2QvBC4AgSv1
	o3YbfkMgz9hWHBY0H5S6bNz67Wpe0FBhMYtFBLZp97PVUaluLOphW3hQc7xiMQaNtmsNv8Ja/gON
	Nm27obVQ2gChbhCYNy4NoIhLwy/s4bQ2lbuLhHSkxwCqfcq5GglBVWnd7jWuNOUXoHxsNWqN606f
	GQHbYtyuB4HwAHSJjgr2lIWKhmVwWKSVi28ujrD8hgC37voeJt5zya81tFXrqrbRff+QZh41AhJM
	6BlNqApz4IoQkCK4t8bswBn4BJNdqMOEOn32vtEO28KzMA6H838qpy9BaBcPDOlnD+z6A5NLMDgJ
	/wMkj6k13s4WlAAAAABJRU5ErkJggg==
X-Now-Playing: Talking Heads's _Once In A Lifetime (3)_: "Lifetime Piling Up"
X-Hashcash: 1:23:141118:kwhite@gnu.org::F/MmxqIq2Kop4Dc1:000Je/M
X-Hashcash: 1:23:141118:stephen_leake@stephe-leake.org::0llC9R6s3KPQvZaG:0000000000000000000000000000000LXsK
X-Hashcash: 1:23:141118:toke@toke.dk::64JgU5cqoJeY3CF3:00000qe2l
X-Hashcash: 1:23:141118:emacs-devel@gnu.org::ADnkl6prD2ocLhGA:000000000000000000000000000000000000000002IEA3
In-Reply-To: <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk> ("Toke
	\=\?iso-8859-1\?Q\?H\=F8iland-J\=F8rgensen\=22's\?\= message of "Tue,
	18 Nov 2014 11:12:32 +0100")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)
X-MailScanner-ID: 1XqoiD-0004RQ-Oz
MailScanner-NULL-Check: 1416944717.96725@AKGK5zgKTPRdigjfDM087A
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:177643
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/177643>

Toke H=F8iland-J=F8rgensen <toke@toke.dk> writes:

> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>
>> But here's the feedback I need:
>
> Haven't tested the code, but feel like I can weigh in on some of this:
>
>>   if (verification & GNUTLS_CERT_INVALID)
>>     warnings =3D Fcons (list2 (intern (":invalid"),
>
> As far as I can tell from the GnuTLS example code, this is a flag that
> GnuTLS sets when a cert is not trusted, rather than when it's malformed
> (as I would have guessed from the name)? I.e. it doesn't ever appear on
> its own?

Ah, right, so it's a general catch-all that's set in addition to other
flags?

>>   if (verification & GNUTLS_CERT_REVOKED)
>>     warnings =3D Fcons (list2 (intern (":revoked"),
>
> This should probably be treated as fairly suspicious; since if the cert
> has been explicitly revoked, there's probably a reason (not sure how
> GnuTLS determines this second one; does it do OCSP revocation checks?).
> SO carrying on would probably be... ill-advised. Perhaps by default fail
> this completely (rather than ask), and optionally have a variable option
> to override it?

I don't see why we shouldn't ask.  The user should be able to decide
without setting variables.

>>   if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
>>     warnings =3D Fcons (list2 (intern (":signer-not-found"),
>>   if (verification & GNUTLS_CERT_SIGNER_NOT_CA)
>>     warnings =3D Fcons (list2 (intern (":self-signed"),
>
> Not sure which of these would indicate the common self-signed case?
> Could probably be both...

Yeah, that's what I'm mainly wondering about.

>>   if (verification & GNUTLS_CERT_NOT_ACTIVATED)
>>     warnings =3D Fcons (list2 (intern (":not-activated"),
>
> This would probably be an issue with the clock?
>
>>   if (verification & GNUTLS_CERT_EXPIRED)
>>     warnings =3D Fcons (list2 (intern (":expired"),
>
> I would expect this to be mostly benign (someone forgot to replace a
> cert), but can also indicate someone stole an old cert and is using it
> to MITM...

Yup.

> However, in terms of UI we might be able to do a bit better. I'd advise
> taking a look at the Certificate Patrol firefox extension
> (http://patrol.psyced.org/), which does some heuristics to determine if
> a changed certificate is benign or not. The main thing it does is to
> look at the expiration date of the stored certificate; if that is
> expired (or close to being), and the new certificate has the same CA as
> the old one, it pops up a notice and continues.

Interesting.  It does this even if the new certificate is valid?  To
mitigate against rogue CAs?

The NSM will also warn about new certificates if the user has switched
to `paranoid', but it doesn't compare old and new CAs and stuff.

--=20
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no