* The Network Security Manager is now on the trunk
@ 2014-11-23 14:16 Lars Magne Ingebrigtsen
2014-11-23 15:31 ` Romain Francoise
` (2 more replies)
0 siblings, 3 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-23 14:16 UTC (permalink / raw)
To: emacs-devel
`network-security-level' defaults to `low', though, so it will not
actually be used, so there should currently be no impact on anybody,
unless I made a boo-boo somewhere.
There may be building problems on non-GNU/Linux systems because of the
gnutls.c changes, but hopefully not.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
@ 2014-11-23 15:31 ` Romain Francoise
2014-11-23 15:38 ` Lars Magne Ingebrigtsen
2014-11-23 19:30 ` Tassilo Horn
2014-11-24 18:19 ` Robert Pluim
2 siblings, 1 reply; 18+ messages in thread
From: Romain Francoise @ 2014-11-23 15:31 UTC (permalink / raw)
To: emacs-devel
On Sun, Nov 23, 2014 at 03:16:21PM +0100, Lars Magne Ingebrigtsen wrote:
> `network-security-level' defaults to `low', though, so it will not
> actually be used, so there should currently be no impact on anybody,
> unless I made a boo-boo somewhere.
Works fine for me, thanks!
(But our TLS support will still be fatally insecure by default as long
as `gnutls-min-prime-bits' is set to something lower than 1024.)
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 15:31 ` Romain Francoise
@ 2014-11-23 15:38 ` Lars Magne Ingebrigtsen
2014-11-23 15:50 ` Romain Francoise
0 siblings, 1 reply; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-23 15:38 UTC (permalink / raw)
To: Romain Francoise; +Cc: emacs-devel
Romain Francoise <romain@orebokech.com> writes:
> On Sun, Nov 23, 2014 at 03:16:21PM +0100, Lars Magne Ingebrigtsen wrote:
>> `network-security-level' defaults to `low', though, so it will not
>> actually be used, so there should currently be no impact on anybody,
>> unless I made a boo-boo somewhere.
>
> Works fine for me, thanks!
>
> (But our TLS support will still be fatally insecure by default as long
> as `gnutls-min-prime-bits' is set to something lower than 1024.)
Is there an interface function to query gnutls how many prime bits were
used during connection? If so, we could add that to the NSM, too. (On
`high', perhaps.)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 15:38 ` Lars Magne Ingebrigtsen
@ 2014-11-23 15:50 ` Romain Francoise
2014-11-23 16:04 ` Lars Magne Ingebrigtsen
0 siblings, 1 reply; 18+ messages in thread
From: Romain Francoise @ 2014-11-23 15:50 UTC (permalink / raw)
To: Lars Magne Ingebrigtsen; +Cc: emacs-devel
On Sun, Nov 23, 2014 at 04:38:02PM +0100, Lars Magne Ingebrigtsen wrote:
> Is there an interface function to query gnutls how many prime bits were
> used during connection? If so, we could add that to the NSM, too. (On
> `high', perhaps.)
`gnutls_dh_get_prime_bits'
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 15:50 ` Romain Francoise
@ 2014-11-23 16:04 ` Lars Magne Ingebrigtsen
2014-11-23 21:09 ` Ted Zlatanov
0 siblings, 1 reply; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-23 16:04 UTC (permalink / raw)
To: Romain Francoise; +Cc: emacs-devel
Romain Francoise <romain@orebokech.com> writes:
> On Sun, Nov 23, 2014 at 04:38:02PM +0100, Lars Magne Ingebrigtsen wrote:
>> Is there an interface function to query gnutls how many prime bits were
>> used during connection? If so, we could add that to the NSM, too. (On
>> `high', perhaps.)
>
> `gnutls_dh_get_prime_bits'
Great. I'll report that as a wishlist bug so that we don't forget to
implement it.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
2014-11-23 15:31 ` Romain Francoise
@ 2014-11-23 19:30 ` Tassilo Horn
2014-11-24 16:49 ` Lars Magne Ingebrigtsen
2014-11-24 18:19 ` Robert Pluim
2 siblings, 1 reply; 18+ messages in thread
From: Tassilo Horn @ 2014-11-23 19:30 UTC (permalink / raw)
To: emacs-devel
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> `network-security-level' defaults to `low', though, so it will not
> actually be used, so there should currently be no impact on anybody,
> unless I made a boo-boo somewhere.
I've set it to high and all my mail servers seem to be ok except for
gmane where I had to confirm my connection attempt. BTW, the
confirmation prompts could be improved a bit: I think it said Yes, No or
Always without telling me what I need to type. Ok, ok, guessing "a" for
Always wasn't that challenging but (y)es, (n)o, (a)lways would be even
clearer.
Bye,
Tassilo
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 16:04 ` Lars Magne Ingebrigtsen
@ 2014-11-23 21:09 ` Ted Zlatanov
0 siblings, 0 replies; 18+ messages in thread
From: Ted Zlatanov @ 2014-11-23 21:09 UTC (permalink / raw)
To: emacs-devel
On Sun, 23 Nov 2014 17:04:48 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:
LMI> Romain Francoise <romain@orebokech.com> writes:
>> On Sun, Nov 23, 2014 at 04:38:02PM +0100, Lars Magne Ingebrigtsen wrote:
>>> Is there an interface function to query gnutls how many prime bits were
>>> used during connection? If so, we could add that to the NSM, too. (On
>>> `high', perhaps.)
>>
>> `gnutls_dh_get_prime_bits'
LMI> Great. I'll report that as a wishlist bug so that we don't forget to
LMI> implement it.
Thanks!
Ted
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 19:30 ` Tassilo Horn
@ 2014-11-24 16:49 ` Lars Magne Ingebrigtsen
2014-11-24 17:12 ` Eli Zaretskii
2014-11-24 17:52 ` Stefan Monnier
0 siblings, 2 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 16:49 UTC (permalink / raw)
To: emacs-devel
I've now added a mini-essay to the lispref manual on network security,
but perhaps this sort of thing should be in the Emacs manual instead?
If so, where in the Emacs manual should it be?
(I tried avoiding using the words "NSA" and "China".)
36.15 Network Security
======================
After establishing a network connection, the connection is then passed
on to the Network Security Manager (NSM).
The `network-security-level' variable determines the security level.
If this is `low', no security checks are performed.
If this variable is `medium' (which is the default), a number of
checks will be performed. If the NSM determines that the network
connection might be unsafe, the user is made aware of this, and the NSM
will ask the user what to do about the network connection.
The user is given the choice of registering a permanent security
exception, a temporary one, or whether to refuse the connection
entirely.
Below is a list of the checks done on the `medium' level.
unable to verify a TLS certificate
If the connection is a TLS, SSL or STARTTLS connection, the NSM
will check whether the certificate used to establish the identity
of the server we're connecting to can be verified.
While an invalid certificate is often the cause for concern (there
may be a Man-in-the-Middle hijacking your network connection and
stealing your password), there may be valid reasons for going
ahead with the connection anyway.
For instance, the server may be using a self-signed certificate, or
the certificate may have expired. It's up to the user to determine
whether it's acceptable to continue the connection.
a self-signed certificate has changed
If you've previously accepted a self-signed certificate, but it has
now changed, that either means that the server has just changed the
certificate, or this might mean that the network connection has
been hijacked.
previously encrypted connection now unencrypted
If the connection is unencrypted, but it was encrypted in previous
sessions, this might mean that there is a proxy between you and the
server that strips away STARTTLS announcements, leaving the
connection unencrypted. This is usually very suspicious.
talking to an unencrypted service when sending a password
When connecting to an IMAP or POP3 server, these should usually be
encrypted, because it's common to send passwords over these
connections. Similarly, if you're sending email via SMTP that
requires a password, you usually want that connection to be
encrypted. If the connection isn't encrypted, the NSM will warn
you.
If `network-security-level' is `high', the following checks will be
made:
a validated certificate changes the public key
Servers change their keys occasionally, and that is normally
nothing to be concerned about. However, if you are worried that
your network connections are being hijacked by agencies who have
access to pliable Certificate Authorities that issue new
certificates for third-party services, you may want to keep track
of these changes.
Finally, if `network-security-level' is `paranoid', you will also be
notified the first time the NSM sees any new certificate. This will
allow you to inspect all the certificates from all the connections that
Emacs makes.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 16:49 ` Lars Magne Ingebrigtsen
@ 2014-11-24 17:12 ` Eli Zaretskii
2014-11-24 17:30 ` Lars Magne Ingebrigtsen
2014-11-24 17:52 ` Stefan Monnier
1 sibling, 1 reply; 18+ messages in thread
From: Eli Zaretskii @ 2014-11-24 17:12 UTC (permalink / raw)
To: Lars Magne Ingebrigtsen; +Cc: emacs-devel
> From: Lars Magne Ingebrigtsen <larsi@gnus.org>
> Date: Mon, 24 Nov 2014 17:49:23 +0100
>
> I've now added a mini-essay to the lispref manual on network security,
> but perhaps this sort of thing should be in the Emacs manual instead?
If it's user (as opposed to Lisp programmer) level information, it
should be in the user manual.
> If so, where in the Emacs manual should it be?
A chapter near "Sending mail", "Rmail", "Gnus", etc.
And don't forget NEWS.
Thanks.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 17:12 ` Eli Zaretskii
@ 2014-11-24 17:30 ` Lars Magne Ingebrigtsen
0 siblings, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 17:30 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
>> If so, where in the Emacs manual should it be?
>
> A chapter near "Sending mail", "Rmail", "Gnus", etc.
>
> And don't forget NEWS.
Ok; done.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 16:49 ` Lars Magne Ingebrigtsen
2014-11-24 17:12 ` Eli Zaretskii
@ 2014-11-24 17:52 ` Stefan Monnier
2014-11-24 23:50 ` Lars Magne Ingebrigtsen
1 sibling, 1 reply; 18+ messages in thread
From: Stefan Monnier @ 2014-11-24 17:52 UTC (permalink / raw)
To: emacs-devel
> If this variable is `medium' (which is the default), a number of
> checks will be performed. If the NSM determines that the network
> connection might be unsafe, the user is made aware of this, and the NSM
^^^^^^
I think this is not what we really mean: the connection itself is
generally not dangerous. Maybe "trustworthy" is closer.
Stefan
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
2014-11-23 15:31 ` Romain Francoise
2014-11-23 19:30 ` Tassilo Horn
@ 2014-11-24 18:19 ` Robert Pluim
2014-11-24 18:34 ` Eli Zaretskii
2 siblings, 1 reply; 18+ messages in thread
From: Robert Pluim @ 2014-11-24 18:19 UTC (permalink / raw)
To: emacs-devel
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> `network-security-level' defaults to `low', though, so it will not
> actually be used, so there should currently be no impact on anybody,
> unless I made a boo-boo somewhere.
I tried to customize network-security-level, and failed. I had to launch
gnus before I could do so. I expected to be able to declare my paranoia
before I actually connected to anything....
Regards
Robert
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 18:19 ` Robert Pluim
@ 2014-11-24 18:34 ` Eli Zaretskii
2014-11-24 18:55 ` Glenn Morris
2014-11-24 23:48 ` Lars Magne Ingebrigtsen
0 siblings, 2 replies; 18+ messages in thread
From: Eli Zaretskii @ 2014-11-24 18:34 UTC (permalink / raw)
To: emacs-devel
> From: Robert Pluim <rpluim@gmail.com>
> Date: Mon, 24 Nov 2014 19:19:08 +0100
>
> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>
> > `network-security-level' defaults to `low', though, so it will not
> > actually be used, so there should currently be no impact on anybody,
> > unless I made a boo-boo somewhere.
>
> I tried to customize network-security-level, and failed. I had to launch
> gnus before I could do so. I expected to be able to declare my paranoia
> before I actually connected to anything....
You need to "M-x load-library RET nsm RET", and then you can customize
it.
Lars, this variable needs to be auto-loaded, I think.
And why does the manual says the default is 'medium', but the truth is
that it's 'low'?
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 18:34 ` Eli Zaretskii
@ 2014-11-24 18:55 ` Glenn Morris
2014-11-24 19:00 ` Glenn Morris
2014-11-24 23:48 ` Lars Magne Ingebrigtsen
1 sibling, 1 reply; 18+ messages in thread
From: Glenn Morris @ 2014-11-24 18:55 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii wrote:
>> I tried to customize network-security-level, and failed. I had to launch
[...]
> You need to "M-x load-library RET nsm RET", and then you can customize
> it.
>
> Lars, this variable needs to be auto-loaded, I think.
As a general comment, auto-loading defcustoms just so people can
customize them in a vanilla Emacs is discouraged (IIRC). (I know nothing
about this specific case.)
See eg
https://lists.gnu.org/archive/html/help-gnu-emacs/2007-06/msg00360.html
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 18:55 ` Glenn Morris
@ 2014-11-24 19:00 ` Glenn Morris
2014-11-24 19:06 ` Eli Zaretskii
0 siblings, 1 reply; 18+ messages in thread
From: Glenn Morris @ 2014-11-24 19:00 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Glenn Morris wrote:
> https://lists.gnu.org/archive/html/help-gnu-emacs/2007-06/msg00360.html
Better reference:
http://lists.gnu.org/archive/html/emacs-devel/2010-01/msg01188.html
Autoloading of some defcustoms should not be used just because some
option is "important". It should only be used when it's *necessary*
for technical reasons.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 19:00 ` Glenn Morris
@ 2014-11-24 19:06 ` Eli Zaretskii
0 siblings, 0 replies; 18+ messages in thread
From: Eli Zaretskii @ 2014-11-24 19:06 UTC (permalink / raw)
To: Glenn Morris; +Cc: emacs-devel
> From: Glenn Morris <rgm@gnu.org>
> Cc: emacs-devel@gnu.org
> Date: Mon, 24 Nov 2014 14:00:01 -0500
>
> Glenn Morris wrote:
>
> > https://lists.gnu.org/archive/html/help-gnu-emacs/2007-06/msg00360.html
>
> Better reference:
>
> http://lists.gnu.org/archive/html/emacs-devel/2010-01/msg01188.html
>
> Autoloading of some defcustoms should not be used just because some
> option is "important". It should only be used when it's *necessary*
> for technical reasons.
This one is.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 18:34 ` Eli Zaretskii
2014-11-24 18:55 ` Glenn Morris
@ 2014-11-24 23:48 ` Lars Magne Ingebrigtsen
1 sibling, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 23:48 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
> You need to "M-x load-library RET nsm RET", and then you can customize
> it.
>
> Lars, this variable needs to be auto-loaded, I think.
Yeah... Or I could move it to a file that's dumped with Emacs,
perhaps?
> And why does the manual says the default is 'medium', but the truth is
> that it's 'low'?
It's going to default to `medium' in five days. I wanted to get the
basic build problems addressed before switching it on.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: The Network Security Manager is now on the trunk
2014-11-24 17:52 ` Stefan Monnier
@ 2014-11-24 23:50 ` Lars Magne Ingebrigtsen
0 siblings, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 23:50 UTC (permalink / raw)
To: Stefan Monnier; +Cc: emacs-devel
Stefan Monnier <monnier@IRO.UMontreal.CA> writes:
>> If this variable is `medium' (which is the default), a number of
>> checks will be performed. If the NSM determines that the network
>> connection might be unsafe, the user is made aware of this, and the NSM
> ^^^^^^
> I think this is not what we really mean: the connection itself is
> generally not dangerous. Maybe "trustworthy" is closer.
Yes, that sounds better.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2014-11-24 23:50 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
2014-11-23 15:31 ` Romain Francoise
2014-11-23 15:38 ` Lars Magne Ingebrigtsen
2014-11-23 15:50 ` Romain Francoise
2014-11-23 16:04 ` Lars Magne Ingebrigtsen
2014-11-23 21:09 ` Ted Zlatanov
2014-11-23 19:30 ` Tassilo Horn
2014-11-24 16:49 ` Lars Magne Ingebrigtsen
2014-11-24 17:12 ` Eli Zaretskii
2014-11-24 17:30 ` Lars Magne Ingebrigtsen
2014-11-24 17:52 ` Stefan Monnier
2014-11-24 23:50 ` Lars Magne Ingebrigtsen
2014-11-24 18:19 ` Robert Pluim
2014-11-24 18:34 ` Eli Zaretskii
2014-11-24 18:55 ` Glenn Morris
2014-11-24 19:00 ` Glenn Morris
2014-11-24 19:06 ` Eli Zaretskii
2014-11-24 23:48 ` Lars Magne Ingebrigtsen
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.