From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 15:41:50 +0100
Message-ID: <m3ppck7eq9.fsf@stories.gnus.org>
References: <m3zjbqouyk.fsf@stories.gnus.org>
	<jwvk32uq67g.fsf-monnier+emacs@gnu.org>
	<85a93pj1n5.fsf@stephe-leake.org> <m3oas5am0b.fsf@stories.gnus.org>
	<CAG-q9=Z7_T1-AYz=pYjvJeg1BM1i9VjYAu76V_pD5F7MpR8a2A@mail.gmail.com>
	<m3bno5igmh.fsf@stories.gnus.org> <m3fvdhgzcl.fsf@stories.gnus.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1416321755 11734 80.91.229.3 (18 Nov 2014 14:42:35 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 18 Nov 2014 14:42:35 +0000 (UTC)
To: Emacs development discussions <emacs-devel@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 15:42:29 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XqjzB-0007lu-12
	for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 15:42:29 +0100
Original-Received: from localhost ([::1]:53548 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XqjzA-00060K-Do
	for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 09:42:28 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41273)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1Xqjz2-0005zG-7U
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 09:42:25 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1Xqjyw-00058c-6W
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 09:42:20 -0500
Original-Received: from hermes.netfonds.no ([80.91.224.195]:45234)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1Xqjyv-00058M-Va
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 09:42:14 -0500
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
	helo=stories.gnus.org)
	by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>) id 1XqjyZ-00064C-Bs
	for emacs-devel@gnu.org; Tue, 18 Nov 2014 15:41:51 +0100
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAElBMVEUFBAgCAQQ/RkxxfYCD
	kJGkr6+I/vIiAAACV0lEQVQ4jT2TQZLrIAxEZZzszfz6e0fY+xmEL2DEPhXD/a8yLUiGqiS2HlI3
	bYemhSb6W+Ny8t4TeW93fvoAb+UBPK1/Hbd1+gBscSvwstj1/UX+D9gYu8LPtD/JDw3sG1cu5ZWm
	meDG7g1MA+gV2TH/LMPcewS2lCqn7Ndjsc2zzelO/VKu9Ux7mvoUQQFXpr7s7TwT792QOwegN4gc
	GLee5mo+/Yjh3k7m7eyjbs3A9AEvlgNNgdf5Dczh8r+dpZZwlFwfewcUJNKy3FusUi7Nml3pYIvM
	cTLAHCwr+gKY/ByZmL/hKjPLNVmeVQn11aU1BCqtNdW4Asy50CJM+4sor62v6we53cIBAXh7Em0y
	QHli1r940On8lzxdSWpVfKpFLYm+4eJ4Hddcbb+22h42S+DH+1a3591AqUnleyEXlcSRQ+l5GNCk
	OUpIVRptCA6jr66cRauIJEQDV0FyFunCXV7NRqOaYohJVe1Tqrb3ItVTrDtjvBh7NwJgjqZsTFIH
	1b4pm4Bk6R1pTAJp1JUDZhwG7IitFANZhbETBptmfJdRN3BE0VJqbXbE2sM3V2Li+eNmFLvdLo1y
	wf6eyljoCKYOkdLn1F6tWigwFrrUXNbRIZBH7Cu7EBFcT2XIQBKA8K+Idka8hHZ8dECVHJNzoQdi
	r1fIgpuQUgcoxP6ITK4rSjZAZMQSPM1JDCFJH4U6Qx7TYmTM4y2JvEcBHMhXhNEUUwFIo3/L9rxV
	7C7gbyok5kLthMUOV5E1jFwA4+BBEIaFLklOayXoSJfsL1yrtYpeJcsvWTXKE319zEwAAAAASUVO
	RK5CYII=
X-Now-Playing: Arto Lindsay's _Prize (Japanese Version)_: "Unsure"
X-Hashcash: 1:23:141118:emacs-devel@gnu.org::gOgPmSuBMLdeAJ0L:000000000000000000000000000000000000000000RDfx
In-Reply-To: <m3fvdhgzcl.fsf@stories.gnus.org> (Lars Magne Ingebrigtsen's
	message of "Tue, 18 Nov 2014 00:51:38 +0100")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)
X-MailScanner-ID: 1XqjyZ-00064C-Bs
MailScanner-NULL-Check: 1416926512.19541@kvGif0c9B2Y3kX16mjTH0Q
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:177545
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/177545>

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> I'm looking at print_cert in output.c in the gnutls ui stuff, and it's
> pretty long, but should be easy enough to adapt to Emacs.  But it's
> going to be quite a few lines of C code.

This is now implemented.

I've switched the NSM on in the nsm branch by default, and I'm now
properly warned about all the invalidly encrypted servers I'm talking
to.

So it kinda seems to work.  >"?

The only thing remaining is to have the queries be prettier.  They're
kinda messy at the moment, with too much unstructured information.

And bugs, of course.  But give the nsm branch a whirl and see whether it
works...

The related thing I was also going to implement is the "shouldn't this
connection be encrypted?" thing previously discussed.  That is, if
you're talking to an IMAP server, you most likely want that connection
to be encrypted, and if not, Emacs should tell you that it isn't.

This is trivial to implement in the NSM, but what should the defaults
be?

IMAP, POP3: I think most users would want to be warned here
SMTP, IRC: I don't think anybody cares
NNTP: They might care if they're sending a password

Uhm...  is that all the protocols?  I feel I'm forgetting one...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no