From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: Network security manager Date: Tue, 18 Nov 2014 15:41:50 +0100 Message-ID: References: <85a93pj1n5.fsf@stephe-leake.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1416321755 11734 80.91.229.3 (18 Nov 2014 14:42:35 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 18 Nov 2014 14:42:35 +0000 (UTC) To: Emacs development discussions Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 15:42:29 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XqjzB-0007lu-12 for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 15:42:29 +0100 Original-Received: from localhost ([::1]:53548 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqjzA-00060K-Do for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 09:42:28 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41273) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqjz2-0005zG-7U for emacs-devel@gnu.org; Tue, 18 Nov 2014 09:42:25 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xqjyw-00058c-6W for emacs-devel@gnu.org; Tue, 18 Nov 2014 09:42:20 -0500 Original-Received: from hermes.netfonds.no ([80.91.224.195]:45234) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqjyv-00058M-Va for emacs-devel@gnu.org; Tue, 18 Nov 2014 09:42:14 -0500 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1XqjyZ-00064C-Bs for emacs-devel@gnu.org; Tue, 18 Nov 2014 15:41:51 +0100 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAElBMVEUFBAgCAQQ/RkxxfYCD kJGkr6+I/vIiAAACV0lEQVQ4jT2TQZLrIAxEZZzszfz6e0fY+xmEL2DEPhXD/a8yLUiGqiS2HlI3 bYemhSb6W+Ny8t4TeW93fvoAb+UBPK1/Hbd1+gBscSvwstj1/UX+D9gYu8LPtD/JDw3sG1cu5ZWm meDG7g1MA+gV2TH/LMPcewS2lCqn7Ndjsc2zzelO/VKu9Ux7mvoUQQFXpr7s7TwT792QOwegN4gc GLee5mo+/Yjh3k7m7eyjbs3A9AEvlgNNgdf5Dczh8r+dpZZwlFwfewcUJNKy3FusUi7Nml3pYIvM cTLAHCwr+gKY/ByZmL/hKjPLNVmeVQn11aU1BCqtNdW4Asy50CJM+4sor62v6we53cIBAXh7Em0y QHli1r940On8lzxdSWpVfKpFLYm+4eJ4Hddcbb+22h42S+DH+1a3591AqUnleyEXlcSRQ+l5GNCk OUpIVRptCA6jr66cRauIJEQDV0FyFunCXV7NRqOaYohJVe1Tqrb3ItVTrDtjvBh7NwJgjqZsTFIH 1b4pm4Bk6R1pTAJp1JUDZhwG7IitFANZhbETBptmfJdRN3BE0VJqbXbE2sM3V2Li+eNmFLvdLo1y wf6eyljoCKYOkdLn1F6tWigwFrrUXNbRIZBH7Cu7EBFcT2XIQBKA8K+Idka8hHZ8dECVHJNzoQdi r1fIgpuQUgcoxP6ITK4rSjZAZMQSPM1JDCFJH4U6Qx7TYmTM4y2JvEcBHMhXhNEUUwFIo3/L9rxV 7C7gbyok5kLthMUOV5E1jFwA4+BBEIaFLklOayXoSJfsL1yrtYpeJcsvWTXKE319zEwAAAAASUVO RK5CYII= X-Now-Playing: Arto Lindsay's _Prize (Japanese Version)_: "Unsure" X-Hashcash: 1:23:141118:emacs-devel@gnu.org::gOgPmSuBMLdeAJ0L:000000000000000000000000000000000000000000RDfx In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 18 Nov 2014 00:51:38 +0100") User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) X-MailScanner-ID: 1XqjyZ-00064C-Bs MailScanner-NULL-Check: 1416926512.19541@kvGif0c9B2Y3kX16mjTH0Q X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.224.195 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177545 Archived-At: Lars Magne Ingebrigtsen writes: > I'm looking at print_cert in output.c in the gnutls ui stuff, and it's > pretty long, but should be easy enough to adapt to Emacs. But it's > going to be quite a few lines of C code. This is now implemented. I've switched the NSM on in the nsm branch by default, and I'm now properly warned about all the invalidly encrypted servers I'm talking to. So it kinda seems to work. >"? The only thing remaining is to have the queries be prettier. They're kinda messy at the moment, with too much unstructured information. And bugs, of course. But give the nsm branch a whirl and see whether it works... The related thing I was also going to implement is the "shouldn't this connection be encrypted?" thing previously discussed. That is, if you're talking to an IMAP server, you most likely want that connection to be encrypted, and if not, Emacs should tell you that it isn't. This is trivial to implement in the NSM, but what should the defaults be? IMAP, POP3: I think most users would want to be warned here SMTP, IRC: I don't think anybody cares NNTP: They might care if they're sending a password Uhm... is that all the protocols? I feel I'm forgetting one... -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no