From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: nljlistbox2@gmail.com (N. Jackson) Newsgroups: gmane.emacs.help Subject: User interface to bad certificate warning -- how to use? Date: Sun, 31 Jan 2016 16:53:45 -0400 Message-ID: <878u35eahy.fsf@gmail.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1454274032 17249 80.91.229.3 (31 Jan 2016 21:00:32 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 31 Jan 2016 21:00:32 +0000 (UTC) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Sun Jan 31 22:00:23 2016 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aPz6b-00075s-TV for geh-help-gnu-emacs@m.gmane.org; Sun, 31 Jan 2016 22:00:22 +0100 Original-Received: from localhost ([::1]:43203 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPz6b-0003AF-5b for geh-help-gnu-emacs@m.gmane.org; Sun, 31 Jan 2016 16:00:21 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49821) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPz6Q-000391-Cb for help-gnu-emacs@gnu.org; Sun, 31 Jan 2016 16:00:11 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aPz6N-000481-69 for help-gnu-emacs@gnu.org; Sun, 31 Jan 2016 16:00:10 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:40065) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPz6M-00047w-Va for help-gnu-emacs@gnu.org; Sun, 31 Jan 2016 16:00:07 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1aPz6K-0006ab-9p for help-gnu-emacs@gnu.org; Sun, 31 Jan 2016 22:00:04 +0100 Original-Received: from t8667.wpa.dal.ca ([134.190.134.103]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 31 Jan 2016 22:00:04 +0100 Original-Received: from nljlistbox2 by t8667.wpa.dal.ca with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 31 Jan 2016 22:00:04 +0100 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 56 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: t8667.wpa.dal.ca User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.90 (gnu/linux) Cancel-Lock: sha1:pJ9apCTd3hnlyRHn6t8dueDBcak= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.help:108941 Archived-At: In the pre-release for Emacs 25 (25.0.90) I get a warning message when Gnus tries to connect to my local Dovecot IMAP server. The warning message correctly states that "The TLS connection to localhost:993 is insecure ..." because I have a self-signed certificate (among other problems with it). I'm very happy that this functionality is now in Emacs. My question is about how the user is intended to interact with this warning, since there are several rather confusing things about it. The warning is shown in a help window while simultaneously there is a prompt displayed in the minibuffer: Continue connecting? (No, Session only, Always) Is the user intended to type in the full text of their choice or the first letter or what? If the first letter, must it be capitalised as shown? The prompt seems to disappear when _any_ key is pressed; for example I tried to copy the prompt to the clipboard and it disappeared when I started to select it -- I've no idea which of the three choices it decided I had entered. This seems rather surprising behaviour for the minibuffer. After the prompt is gone, the help window remains but the buffer itself is gone. This seems to be rather the opposite of what would be useful. Wouldn't it be better if the buffer with the details about the problematic certificate persisted and the help window was closed? Furthermore, the information in the help buffer is in a confusing order: Certificate information Issued by: imap.example.com Issued to: IMAP server Hostname: imap.example.com Public key: RSA, signature: RSA-SHA1 Protocol: TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD Security level: Low Valid: From 2013-09-07 to 2014-09-07 The TLS connection to localhost:993 is insecure for the following reasons: certificate signer was not found (self-signed) certificate host does not match hostname certificate has expired the certificate was signed by an unknown and therefore untrusted authority certificate could not be verified Would it not be better if the statement of the problem "The TLS connection ... is insecure" came first, and the detailed certificate information came at the end. I'm trying to understand why the interface is the way it is, and also how the user is expected to interact with it.