all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* The Network Security Manager is now on the trunk
@ 2014-11-23 14:16 Lars Magne Ingebrigtsen
  2014-11-23 15:31 ` Romain Francoise
                   ` (2 more replies)
  0 siblings, 3 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-23 14:16 UTC (permalink / raw)
  To: emacs-devel

`network-security-level' defaults to `low', though, so it will not
actually be used, so there should currently be no impact on anybody,
unless I made a boo-boo somewhere.

There may be building problems on non-GNU/Linux systems because of the
gnutls.c changes, but hopefully not.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
@ 2014-11-23 15:31 ` Romain Francoise
  2014-11-23 15:38   ` Lars Magne Ingebrigtsen
  2014-11-23 19:30 ` Tassilo Horn
  2014-11-24 18:19 ` Robert Pluim
  2 siblings, 1 reply; 18+ messages in thread
From: Romain Francoise @ 2014-11-23 15:31 UTC (permalink / raw)
  To: emacs-devel

On Sun, Nov 23, 2014 at 03:16:21PM +0100, Lars Magne Ingebrigtsen wrote:
> `network-security-level' defaults to `low', though, so it will not
> actually be used, so there should currently be no impact on anybody,
> unless I made a boo-boo somewhere.

Works fine for me, thanks!

(But our TLS support will still be fatally insecure by default as long
as `gnutls-min-prime-bits' is set to something lower than 1024.)



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 15:31 ` Romain Francoise
@ 2014-11-23 15:38   ` Lars Magne Ingebrigtsen
  2014-11-23 15:50     ` Romain Francoise
  0 siblings, 1 reply; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-23 15:38 UTC (permalink / raw)
  To: Romain Francoise; +Cc: emacs-devel

Romain Francoise <romain@orebokech.com> writes:

> On Sun, Nov 23, 2014 at 03:16:21PM +0100, Lars Magne Ingebrigtsen wrote:
>> `network-security-level' defaults to `low', though, so it will not
>> actually be used, so there should currently be no impact on anybody,
>> unless I made a boo-boo somewhere.
>
> Works fine for me, thanks!
>
> (But our TLS support will still be fatally insecure by default as long
> as `gnutls-min-prime-bits' is set to something lower than 1024.)

Is there an interface function to query gnutls how many prime bits were
used during connection?  If so, we could add that to the NSM, too.  (On
`high', perhaps.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 15:38   ` Lars Magne Ingebrigtsen
@ 2014-11-23 15:50     ` Romain Francoise
  2014-11-23 16:04       ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 18+ messages in thread
From: Romain Francoise @ 2014-11-23 15:50 UTC (permalink / raw)
  To: Lars Magne Ingebrigtsen; +Cc: emacs-devel

On Sun, Nov 23, 2014 at 04:38:02PM +0100, Lars Magne Ingebrigtsen wrote:
> Is there an interface function to query gnutls how many prime bits were
> used during connection?  If so, we could add that to the NSM, too.  (On
> `high', perhaps.)

`gnutls_dh_get_prime_bits'



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 15:50     ` Romain Francoise
@ 2014-11-23 16:04       ` Lars Magne Ingebrigtsen
  2014-11-23 21:09         ` Ted Zlatanov
  0 siblings, 1 reply; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-23 16:04 UTC (permalink / raw)
  To: Romain Francoise; +Cc: emacs-devel

Romain Francoise <romain@orebokech.com> writes:

> On Sun, Nov 23, 2014 at 04:38:02PM +0100, Lars Magne Ingebrigtsen wrote:
>> Is there an interface function to query gnutls how many prime bits were
>> used during connection?  If so, we could add that to the NSM, too.  (On
>> `high', perhaps.)
>
> `gnutls_dh_get_prime_bits'

Great.  I'll report that as a wishlist bug so that we don't forget to
implement it.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
  2014-11-23 15:31 ` Romain Francoise
@ 2014-11-23 19:30 ` Tassilo Horn
  2014-11-24 16:49   ` Lars Magne Ingebrigtsen
  2014-11-24 18:19 ` Robert Pluim
  2 siblings, 1 reply; 18+ messages in thread
From: Tassilo Horn @ 2014-11-23 19:30 UTC (permalink / raw)
  To: emacs-devel

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> `network-security-level' defaults to `low', though, so it will not
> actually be used, so there should currently be no impact on anybody,
> unless I made a boo-boo somewhere.

I've set it to high and all my mail servers seem to be ok except for
gmane where I had to confirm my connection attempt.  BTW, the
confirmation prompts could be improved a bit: I think it said Yes, No or
Always without telling me what I need to type.  Ok, ok, guessing "a" for
Always wasn't that challenging but (y)es, (n)o, (a)lways would be even
clearer.

Bye,
Tassilo



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 16:04       ` Lars Magne Ingebrigtsen
@ 2014-11-23 21:09         ` Ted Zlatanov
  0 siblings, 0 replies; 18+ messages in thread
From: Ted Zlatanov @ 2014-11-23 21:09 UTC (permalink / raw)
  To: emacs-devel

On Sun, 23 Nov 2014 17:04:48 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 

LMI> Romain Francoise <romain@orebokech.com> writes:
>> On Sun, Nov 23, 2014 at 04:38:02PM +0100, Lars Magne Ingebrigtsen wrote:
>>> Is there an interface function to query gnutls how many prime bits were
>>> used during connection?  If so, we could add that to the NSM, too.  (On
>>> `high', perhaps.)
>> 
>> `gnutls_dh_get_prime_bits'

LMI> Great.  I'll report that as a wishlist bug so that we don't forget to
LMI> implement it.

Thanks!

Ted




^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 19:30 ` Tassilo Horn
@ 2014-11-24 16:49   ` Lars Magne Ingebrigtsen
  2014-11-24 17:12     ` Eli Zaretskii
  2014-11-24 17:52     ` Stefan Monnier
  0 siblings, 2 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 16:49 UTC (permalink / raw)
  To: emacs-devel

I've now added a mini-essay to the lispref manual on network security,
but perhaps this sort of thing should be in the Emacs manual instead?

If so, where in the Emacs manual should it be?

(I tried avoiding using the words "NSA" and "China".)

36.15 Network Security
======================

After establishing a network connection, the connection is then passed
on to the Network Security Manager (NSM).

   The `network-security-level' variable determines the security level.
If this is `low', no security checks are performed.

   If this variable is `medium' (which is the default), a number of
checks will be performed.  If the NSM determines that the network
connection might be unsafe, the user is made aware of this, and the NSM
will ask the user what to do about the network connection.

   The user is given the choice of registering a permanent security
exception, a temporary one, or whether to refuse the connection
entirely.

   Below is a list of the checks done on the `medium' level.

unable to verify a TLS certificate
     If the connection is a TLS, SSL or STARTTLS connection, the NSM
     will check whether the certificate used to establish the identity
     of the server we're connecting to can be verified.

     While an invalid certificate is often the cause for concern (there
     may be a Man-in-the-Middle hijacking your network connection and
     stealing your password), there may be valid reasons for going
     ahead with the connection anyway.

     For instance, the server may be using a self-signed certificate, or
     the certificate may have expired.  It's up to the user to determine
     whether it's acceptable to continue the connection.

a self-signed certificate has changed
     If you've previously accepted a self-signed certificate, but it has
     now changed, that either means that the server has just changed the
     certificate, or this might mean that the network connection has
     been hijacked.

previously encrypted connection now unencrypted
     If the connection is unencrypted, but it was encrypted in previous
     sessions, this might mean that there is a proxy between you and the
     server that strips away STARTTLS announcements, leaving the
     connection unencrypted.  This is usually very suspicious.

talking to an unencrypted service when sending a password
     When connecting to an IMAP or POP3 server, these should usually be
     encrypted, because it's common to send passwords over these
     connections.  Similarly, if you're sending email via SMTP that
     requires a password, you usually want that connection to be
     encrypted.  If the connection isn't encrypted, the NSM will warn
     you.


   If `network-security-level' is `high', the following checks will be
made:

a validated certificate changes the public key
     Servers change their keys occasionally, and that is normally
     nothing to be concerned about.  However, if you are worried that
     your network connections are being hijacked by agencies who have
     access to pliable Certificate Authorities that issue new
     certificates for third-party services, you may want to keep track
     of these changes.

   Finally, if `network-security-level' is `paranoid', you will also be
notified the first time the NSM sees any new certificate.  This will
allow you to inspect all the certificates from all the connections that
Emacs makes.


-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 16:49   ` Lars Magne Ingebrigtsen
@ 2014-11-24 17:12     ` Eli Zaretskii
  2014-11-24 17:30       ` Lars Magne Ingebrigtsen
  2014-11-24 17:52     ` Stefan Monnier
  1 sibling, 1 reply; 18+ messages in thread
From: Eli Zaretskii @ 2014-11-24 17:12 UTC (permalink / raw)
  To: Lars Magne Ingebrigtsen; +Cc: emacs-devel

> From: Lars Magne Ingebrigtsen <larsi@gnus.org>
> Date: Mon, 24 Nov 2014 17:49:23 +0100
> 
> I've now added a mini-essay to the lispref manual on network security,
> but perhaps this sort of thing should be in the Emacs manual instead?

If it's user (as opposed to Lisp programmer) level information, it
should be in the user manual.

> If so, where in the Emacs manual should it be?

A chapter near "Sending mail", "Rmail", "Gnus", etc.

And don't forget NEWS.

Thanks.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 17:12     ` Eli Zaretskii
@ 2014-11-24 17:30       ` Lars Magne Ingebrigtsen
  0 siblings, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 17:30 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>> If so, where in the Emacs manual should it be?
>
> A chapter near "Sending mail", "Rmail", "Gnus", etc.
>
> And don't forget NEWS.

Ok; done.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 16:49   ` Lars Magne Ingebrigtsen
  2014-11-24 17:12     ` Eli Zaretskii
@ 2014-11-24 17:52     ` Stefan Monnier
  2014-11-24 23:50       ` Lars Magne Ingebrigtsen
  1 sibling, 1 reply; 18+ messages in thread
From: Stefan Monnier @ 2014-11-24 17:52 UTC (permalink / raw)
  To: emacs-devel

>    If this variable is `medium' (which is the default), a number of
> checks will be performed.  If the NSM determines that the network
> connection might be unsafe, the user is made aware of this, and the NSM
                      ^^^^^^
I think this is not what we really mean: the connection itself is
generally not dangerous.  Maybe "trustworthy" is closer.


        Stefan



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
  2014-11-23 15:31 ` Romain Francoise
  2014-11-23 19:30 ` Tassilo Horn
@ 2014-11-24 18:19 ` Robert Pluim
  2014-11-24 18:34   ` Eli Zaretskii
  2 siblings, 1 reply; 18+ messages in thread
From: Robert Pluim @ 2014-11-24 18:19 UTC (permalink / raw)
  To: emacs-devel

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> `network-security-level' defaults to `low', though, so it will not
> actually be used, so there should currently be no impact on anybody,
> unless I made a boo-boo somewhere.

I tried to customize network-security-level, and failed. I had to launch
gnus before I could do so. I expected to be able to declare my paranoia
before I actually connected to anything....

Regards

Robert




^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 18:19 ` Robert Pluim
@ 2014-11-24 18:34   ` Eli Zaretskii
  2014-11-24 18:55     ` Glenn Morris
  2014-11-24 23:48     ` Lars Magne Ingebrigtsen
  0 siblings, 2 replies; 18+ messages in thread
From: Eli Zaretskii @ 2014-11-24 18:34 UTC (permalink / raw)
  To: emacs-devel

> From: Robert Pluim <rpluim@gmail.com>
> Date: Mon, 24 Nov 2014 19:19:08 +0100
> 
> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> 
> > `network-security-level' defaults to `low', though, so it will not
> > actually be used, so there should currently be no impact on anybody,
> > unless I made a boo-boo somewhere.
> 
> I tried to customize network-security-level, and failed. I had to launch
> gnus before I could do so. I expected to be able to declare my paranoia
> before I actually connected to anything....

You need to "M-x load-library RET nsm RET", and then you can customize
it.

Lars, this variable needs to be auto-loaded, I think.

And why does the manual says the default is 'medium', but the truth is
that it's 'low'?



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 18:34   ` Eli Zaretskii
@ 2014-11-24 18:55     ` Glenn Morris
  2014-11-24 19:00       ` Glenn Morris
  2014-11-24 23:48     ` Lars Magne Ingebrigtsen
  1 sibling, 1 reply; 18+ messages in thread
From: Glenn Morris @ 2014-11-24 18:55 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: emacs-devel

Eli Zaretskii wrote:

>> I tried to customize network-security-level, and failed. I had to launch
[...]
> You need to "M-x load-library RET nsm RET", and then you can customize
> it.
>
> Lars, this variable needs to be auto-loaded, I think.

As a general comment, auto-loading defcustoms just so people can
customize them in a vanilla Emacs is discouraged (IIRC). (I know nothing
about this specific case.)

See eg
https://lists.gnu.org/archive/html/help-gnu-emacs/2007-06/msg00360.html



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 18:55     ` Glenn Morris
@ 2014-11-24 19:00       ` Glenn Morris
  2014-11-24 19:06         ` Eli Zaretskii
  0 siblings, 1 reply; 18+ messages in thread
From: Glenn Morris @ 2014-11-24 19:00 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: emacs-devel

Glenn Morris wrote:

> https://lists.gnu.org/archive/html/help-gnu-emacs/2007-06/msg00360.html

Better reference:

http://lists.gnu.org/archive/html/emacs-devel/2010-01/msg01188.html

    Autoloading of some defcustoms should not be used just because some
    option is "important". It should only be used when it's *necessary*
    for technical reasons.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 19:00       ` Glenn Morris
@ 2014-11-24 19:06         ` Eli Zaretskii
  0 siblings, 0 replies; 18+ messages in thread
From: Eli Zaretskii @ 2014-11-24 19:06 UTC (permalink / raw)
  To: Glenn Morris; +Cc: emacs-devel

> From: Glenn Morris <rgm@gnu.org>
> Cc: emacs-devel@gnu.org
> Date: Mon, 24 Nov 2014 14:00:01 -0500
> 
> Glenn Morris wrote:
> 
> > https://lists.gnu.org/archive/html/help-gnu-emacs/2007-06/msg00360.html
> 
> Better reference:
> 
> http://lists.gnu.org/archive/html/emacs-devel/2010-01/msg01188.html
> 
>     Autoloading of some defcustoms should not be used just because some
>     option is "important". It should only be used when it's *necessary*
>     for technical reasons.

This one is.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 18:34   ` Eli Zaretskii
  2014-11-24 18:55     ` Glenn Morris
@ 2014-11-24 23:48     ` Lars Magne Ingebrigtsen
  1 sibling, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 23:48 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

> You need to "M-x load-library RET nsm RET", and then you can customize
> it.
>
> Lars, this variable needs to be auto-loaded, I think.

Yeah...   Or I could move it to a file that's dumped with Emacs,
perhaps? 

> And why does the manual says the default is 'medium', but the truth is
> that it's 'low'?

It's going to default to `medium' in five days.  I wanted to get the
basic build problems addressed before switching it on.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: The Network Security Manager is now on the trunk
  2014-11-24 17:52     ` Stefan Monnier
@ 2014-11-24 23:50       ` Lars Magne Ingebrigtsen
  0 siblings, 0 replies; 18+ messages in thread
From: Lars Magne Ingebrigtsen @ 2014-11-24 23:50 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: emacs-devel

Stefan Monnier <monnier@IRO.UMontreal.CA> writes:

>>    If this variable is `medium' (which is the default), a number of
>> checks will be performed.  If the NSM determines that the network
>> connection might be unsafe, the user is made aware of this, and the NSM
>                       ^^^^^^
> I think this is not what we really mean: the connection itself is
> generally not dangerous.  Maybe "trustworthy" is closer.

Yes, that sounds better.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



^ permalink raw reply	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2014-11-24 23:50 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-23 14:16 The Network Security Manager is now on the trunk Lars Magne Ingebrigtsen
2014-11-23 15:31 ` Romain Francoise
2014-11-23 15:38   ` Lars Magne Ingebrigtsen
2014-11-23 15:50     ` Romain Francoise
2014-11-23 16:04       ` Lars Magne Ingebrigtsen
2014-11-23 21:09         ` Ted Zlatanov
2014-11-23 19:30 ` Tassilo Horn
2014-11-24 16:49   ` Lars Magne Ingebrigtsen
2014-11-24 17:12     ` Eli Zaretskii
2014-11-24 17:30       ` Lars Magne Ingebrigtsen
2014-11-24 17:52     ` Stefan Monnier
2014-11-24 23:50       ` Lars Magne Ingebrigtsen
2014-11-24 18:19 ` Robert Pluim
2014-11-24 18:34   ` Eli Zaretskii
2014-11-24 18:55     ` Glenn Morris
2014-11-24 19:00       ` Glenn Morris
2014-11-24 19:06         ` Eli Zaretskii
2014-11-24 23:48     ` Lars Magne Ingebrigtsen

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.