From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: The netsec thread
Date: Mon, 23 Jul 2018 10:17:52 +0200
Message-ID: <8736wamklr.fsf@gmail.com>
To: Jimmy Yuen Ho Wong
Cc: Lars Ingebrigtsen, emacs-devel@gnu.org
In-Reply-To: (Jimmy Yuen Ho Wong's message of "Mon, 23 Jul 2018 01:12:15 +0100")

Jimmy Yuen Ho Wong writes:

>> And, as I've said before,
>> `paranoid' should stay.
>>
>
> Eli's use case has already been taken care of by
> `nsm-trust-local-network`. `paranoid has been aliased to `high for
> backward compatibility.
>
> Robert, do you still object to removing the `paranoid level? I've
> removed that prompt that asks for permission on every TLS connection
> due to the crying-wolf effect.

As Iʼve said before: I donʼt think many people need to be prompted
every time a TLS connection is set up from emacs to a host thatʼs
never been seen before, but I do, as I need to inspect the connection
parameters. Yes itʼs annoying, but I can live with self-imposed
annoyance.

> If there isn't an objection from people who've found use for it, I'd
> really like to try without 'paranoid on master later before declaring
> it insufficient.

I guess I could always add my own function into 'high, but Iʼd prefer
it if it was available by default.

>>> +(defun nsm-should-check (host)
>>> +  "Determines whether NSM should check for TLS problems for HOST.
>>> +
>>> +If `nsm-trust-local-network' is or returns non-nil, and if the
>>> +host address is a localhost address, a machine address, a direct
>>> +link or a private network address, this function returns
>>> +nil. Non-nil otherwise."
>>
>> What do you mean by "machine address"? The MAC address? If you mean
>> IP address, it's perfectly valid to have TLS on a non-named IP
>> address. 1.0.0.1 does that for DNS over HTTPS last I heard, and
>> that's definitely a service you should verify, well, everything on.
>>

Iʼm a bit dubious about the whole 'nsm-trust-local-network' stuff. nsm
already stores per-host settings, so why the need to check for RFC
1918 addresses? Besides, I can easily set things up so that Iʼm using
RFC 1918 addresses, but the packets would definitely not be going over
what you'd think of as a 'local' or 'private' network.

Iʼd thought this was going to be something like 'trust this subnet',
which I can see people wanting, although Iʼd recommend against them
using it. That would require that nsm-should-check pass the host to
the user-specified nsm-trust-local-network function (or you define a
'nsm-trusted-by-default-networks' variable).

> I mean 0.0.0.0/8. I'm not sure what the proper name is or if I even
> need to deal with it. What do you think?

If you mean localhost, then you have:

    (or
     ;; (0.x.x.x) this machine
     (eq (aref address 0) 0)
     ;; (127.x.x.x) localhost
     (eq (aref address 0) 0))

where that second eq should check against 127, I think. I can think of
no situation in which 0.0.0.0/8 would be something you need to check
against (nor can I see how you'd ever see such a value).

Robert
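The message above argues two things: that the loopback test should compare against 127 rather than 0, and that "trust this subnet" only makes sense if the decision is handed to a user-supplied function (or an explicit list of trusted networks) rather than inferred from an address being RFC 1918. The Emacs Lisp below is an added example written for this page; it is not code from Emacs's nsm.el or from anyone in the thread. Everything prefixed `my-nsm-` is invented, the `(NETWORK . PREFIX-LENGTH)` list is a hypothetical stand-in for the `nsm-trusted-by-default-networks` variable Robert mentions, and the `trust` argument plays the role of `nsm-trust-local-network` receiving the host and address. It assumes the address-vector layout Emacs uses for IPv4 peers, `[A B C D PORT]`, which is what the `(aref address 0)` checks in the thread rely on, and it goes beyond the thread's single loopback check by doing general CIDR matching on that vector.

```elisp
;;; Added example, not part of Emacs's nsm.el.  Address vectors use the
;;; layout Emacs itself uses for IPv4 peers: [A B C D PORT]; the port is
;;; optional here.  Everything prefixed `my-nsm-' is made up for this
;;; illustration.

(require 'cl-lib)

(defvar my-nsm-trusted-networks
  '(("192.168.10.0" . 24)
    ("10.1.0.0" . 16))
  "Hypothetical list of (NETWORK . PREFIX-LENGTH) the user chooses to trust.
Being an RFC 1918 address is not enough on its own; the user must opt in.")

(defun my-nsm-parse-ipv4 (string)
  "Parse dotted-quad STRING into a vector [A B C D], or return nil."
  (when (string-match-p "\\`[0-9]+\\(\\.[0-9]+\\)\\{3\\}\\'" string)
    (let ((octets (mapcar #'string-to-number (split-string string "\\."))))
      (when (cl-every (lambda (n) (<= 0 n 255)) octets)
        (vconcat octets)))))

(defun my-nsm-ipv4-to-int (address)
  "Pack the four octets at the front of ADDRESS into one integer."
  (logior (ash (aref address 0) 24) (ash (aref address 1) 16)
          (ash (aref address 2) 8) (aref address 3)))

(defun my-nsm-ipv4-in-network-p (address network prefix)
  "Non-nil if ADDRESS lies inside NETWORK/PREFIX (both address vectors)."
  (let ((mask (if (zerop prefix) 0 (ash (1- (ash 1 prefix)) (- 32 prefix)))))
    (= (logand (my-nsm-ipv4-to-int address) mask)
       (logand (my-nsm-ipv4-to-int network) mask))))

(defun my-nsm-ipv4-local-p (address)
  "Non-nil if ADDRESS is loopback, link-local or an RFC 1918 address.
The loopback test compares against 127, not 0: 0.0.0.0/8 is not an
address a remote peer will present."
  (let ((a (aref address 0)) (b (aref address 1)))
    (or (= a 127)                       ; 127.0.0.0/8 loopback
        (and (= a 169) (= b 254))       ; 169.254.0.0/16 link-local
        (= a 10)                        ; 10.0.0.0/8
        (and (= a 172) (<= 16 b 31))    ; 172.16.0.0/12
        (and (= a 192) (= b 168)))))    ; 192.168.0.0/16

(defun my-nsm-should-check (host address trust)
  "Return non-nil if TLS checks should run for HOST at ADDRESS.
TRUST stands in for `nsm-trust-local-network': nil means always check;
a function is called with HOST and ADDRESS and a non-nil result skips
the check; any other non-nil value skips the check only for addresses
that are local per `my-nsm-ipv4-local-p' AND inside one of
`my-nsm-trusted-networks'."
  (not (cond ((null trust) nil)
             ((functionp trust) (funcall trust host address))
             (t (and (my-nsm-ipv4-local-p address)
                     (cl-some (lambda (net)
                                (let ((n (my-nsm-parse-ipv4 (car net))))
                                  (and n (my-nsm-ipv4-in-network-p
                                          address n (cdr net)))))
                              my-nsm-trusted-networks))))))

;; Constructed sample calls; no network access involved.
(my-nsm-should-check "printer.lan" [192 168 10 20 443] nil)
(my-nsm-should-check "printer.lan" [192 168 10 20 443] t)
(my-nsm-should-check "1.0.0.1" [1 0 0 1 443] t)
(my-nsm-should-check "vpn.example" [192 168 99 5 443]
                     (lambda (host _address) (string-suffix-p ".lan" host)))
```

Evaluated in order, the sample calls show the intended behaviour: the RFC 1918 printer is still checked while `trust` is nil, is skipped once the user opts in and its subnet is listed, the public resolver 1.0.0.1 is always checked, and the address on 192.168.99.0/24 reached over a tunnel is checked because the user's function only trusts `.lan` hosts. The point of routing every decision through `trust` is that an RFC 1918 address never buys an exemption by itself.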