From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 18:36:25 +0100
To: emacs-devel@gnu.org
In-Reply-To: <8761ech0zm.fsf@lifelogs.com> (Ted Zlatanov's message of "Tue, 18 Nov 2014 12:28:29 -0500")
References: <85a93pj1n5.fsf@stephe-leake.org> <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk> <87a93oilxl.fsf@lifelogs.com> <87oas4h555.fsf@lifelogs.com> <8761ech0zm.fsf@lifelogs.com>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)
Xref: news.gmane.org gmane.emacs.devel:177603

Ted Zlatanov writes:

> LMI> GPG isn't feasible because nobody wants to type passwords.
>
> Whuhh? Yeah?
> Yes, it's a bother. We're talking about potentially dozens or hundreds
> of exceptions in a large enterprise. But let's assume the `a' key is
> large and easy to hit.
>
> Scenario 1: you allow a compromised server accidentally. You now can't
> review the exception list to remove that compromise.
>
> Scenario 2: someone allows a compromised server on purpose in a few
> seconds. You have no idea it happened.
>
> I'm sure there are other scenarios, but please don't make this a
> write-only data store.

Well, we could have a setting that says that the NSM should re-query
security exceptions...

On the other hand, we could store the server names in plain text when we
store security exceptions to make reviews easier. That is, keep the
hash-only thing for STARTTLS man-in-the-middle tracking and the like,
but if the user registers an exception, then we'd stash the server name
in there, too.

This would avoid leaving a complete list of STARTTLS servers in that
file, but still allow easy removal of specific exceptions.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
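The store design sketched in this reply, written out as an added Python illustration (constructed for this page; it is not NSM code from Emacs and not code posted in the thread). It assumes a JSON-serialisable table keyed by a SHA-256 of `host:port`, so the file does not list every STARTTLS server by name; a record gains a clear-text host name only when the user registers an exception, which makes exceptions reviewable and removable, and an optional `requery_after` age implements the "re-query security exceptions" setting. Host names, ports and fingerprints below are constructed sample values.

```python
import hashlib
import json
import time


def entry_id(host, port):
    """Key records by a hash of host:port so the file does not enumerate servers by name."""
    return hashlib.sha256(f"{host.lower()}:{port}".encode()).hexdigest()


class ExceptionStore:
    """Constructed example: hash-only STARTTLS tracking plus reviewable user exceptions."""

    def __init__(self):
        self.entries = {}  # entry_id -> record dict

    # --- STARTTLS tracking: hash only, no host name stored --------------------
    def note_starttls(self, host, port, fingerprint):
        """Remember that this server offered STARTTLS with this certificate (first sighting wins)."""
        rec = self.entries.setdefault(
            entry_id(host, port), {"host": None, "conditions": [], "created": None})
        rec["starttls"] = True
        rec.setdefault("fingerprint", fingerprint)

    def starttls_changed(self, host, port, fingerprint):
        """True when a server we tracked before now presents a different certificate
        (the signal NSM uses for STARTTLS man-in-the-middle detection)."""
        rec = self.entries.get(entry_id(host, port))
        return bool(rec and rec.get("starttls") and rec.get("fingerprint") != fingerprint)

    # --- User-registered exceptions: host name kept in the clear --------------
    def register_exception(self, host, port, fingerprint, conditions, now=None):
        """The user accepted the listed problems for this host; store the name so it can be reviewed."""
        rec = self.entries.setdefault(entry_id(host, port), {"starttls": False})
        rec.update({"host": host, "port": port, "fingerprint": fingerprint,
                    "conditions": sorted(conditions),
                    "created": now if now is not None else time.time()})

    def is_exempt(self, host, port, fingerprint, condition, now=None, requery_after=None):
        """Is this problem accepted for this host and certificate? `requery_after` (seconds)
        forces the user to be asked again once the exception is older than that."""
        rec = self.entries.get(entry_id(host, port))
        if not rec or rec.get("host") is None:
            return False
        if rec["fingerprint"] != fingerprint or condition not in rec["conditions"]:
            return False
        if requery_after is not None:
            age = (now if now is not None else time.time()) - rec["created"]
            if age > requery_after:
                return False
        return True

    def list_exceptions(self):
        """Review view: only records the user explicitly accepted carry a host name."""
        return sorted((r["host"], r["port"], r["conditions"])
                      for r in self.entries.values() if r.get("host") is not None)

    def remove_exception(self, host, port):
        """Drop the exception but keep any STARTTLS tracking record, minus identifying data."""
        key = entry_id(host, port)
        rec = self.entries.get(key)
        if not rec or rec.get("host") is None:
            return False
        if rec.get("starttls"):
            rec.update({"host": None, "port": None, "conditions": [], "created": None})
        else:
            del self.entries[key]
        return True

    # --- Persistence ----------------------------------------------------------
    def dumps(self):
        return json.dumps(self.entries, sort_keys=True, indent=1)

    @classmethod
    def loads(cls, text):
        store = cls()
        store.entries = json.loads(text)
        return store


if __name__ == "__main__":
    store = ExceptionStore()
    store.note_starttls("mail.example.net", 587, "aa11")            # constructed sample
    store.register_exception("imap.example.org", 993, "bb22",
                             ["self-signed", "expired"], now=1000.0)  # constructed sample
    print(store.list_exceptions())
    print("mail.example.net" in store.dumps())  # the tracked-only server is not named
```

Call `starttls_changed` before `note_starttls` on each connection, so a changed certificate is reported rather than silently overwritten; `list_exceptions` and `remove_exception` give the reviewable, editable view that the quoted scenarios ask for.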