From: Jimmy Yuen Ho Wong
Newsgroups: gmane.emacs.devel
Subject: Re: The netsec thread
Date: Fri, 20 Jul 2018 13:55:01 +0100
Cc: Emacs-Devel devel
To: Lars Ingebrigtsen

Woooo I like this bikeshedding :)

Thanks in advance for checking out the netsec branch. Just a heads up
tho, I plan to push my OCSP stuff this weekend, let me know if you
prefer me doing it before or after your review.

About the issued to and issued by, there are a couple of reasons I just
dumped out the whole DN, mainly because DV, OV and EV certs put
different and sometimes irrelevant things in the RDNs. But obviously,
the current iteration isn't ideal either. Perhaps I should sort the
RDNs, and always output CN=...O=...OU=.... in that order, and properly
wrap them.

As to session info, I can probably merge the TLS extensions into a
single line.

On Fri, Jul 20, 2018 at 12:33 PM, Lars Ingebrigtsen wrote:
> I still haven't looked at the code for the netsec branch, but I've got
> that scheduled for Sunday. *crosses fingers*
>
> But that doesn't mean that we can't bikeshed some UI stuff in the
> meantime. :-)
>
> Here's the current NSM info buffer:
>
>
>
> And here's Jimmy's new one:
>
>
>
> I like the underlining, indentation and *bullet points, but it's looking
> like it's moving more in the direction of a TLS debugging buffer than
> something that a user has much chance of understanding or navigating.
> (The old one also has that problem, but to a lesser degree.)
>
> For instance, displaying the full x.50x/RFC4514 string is a turn-off and
> looks like line noise to most people, I think. Breaking out the three
> bits that are of interest, the CN from the issuer, the O from the
> recipient, and the host name, is more readable. (Not to mention that
> the strings are usually too long and will wrap on common
> configurations.)
>
> And in the opposite direction, breaking out all the encryption stuff
> into their own lines doesn't make much sense, I think. The session
> details could be reserved for the `d'etails buffer. "Encrypt-then-MAC"
> sounds so... internal. :-)
>
> The explanation line ("... is insecure ...") hasn't been folded
> correctly, and it says "reasons" even if there's just one reason.
>
> The addition of the details is great:
>
>
>
> The keystrokes should be more standard, though: SPC for forward and DEL
> for back (perhaps in addition to the one you've got). And I was unsure
> what "quit" would do -- quit the entire connection or just the details
> buffer?
>
> --
> (domestic pets only, the antidote for overdose, milk.)
> bloggy blog: http://lars.ingebrigtsen.no
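
One way to do the RDN ordering suggested in the message above (CN, then O, then OU, one attribute per line so nothing needs wrapping), as an added example that is not code from the netsec branch or from either participant. The `demo-dn-` names and the sample DN are hypothetical; hex-pair escapes and multi-valued RDNs are passed through unchanged.

```elisp
;; Added example; the `demo-dn-' names are hypothetical, not from nsm.el.
(require 'cl-lib)
(require 'subr-x)

(defconst demo-dn-order '("CN" "O" "OU")
  "Attribute types shown first, in this order; the rest keep their order.")

(defun demo-dn-split (dn)
  "Split RFC 4514 string DN at commas that are not backslash-escaped."
  (let ((parts '()) (cur '()) (i 0) (len (length dn)))
    (while (< i len)
      (let ((ch (aref dn i)))
        (cond ((and (eq ch ?\\) (< (1+ i) len))
               ;; Keep the escape pair together so "\," is not a separator.
               (push ch cur)
               (push (aref dn (cl-incf i)) cur))
              ((eq ch ?,)
               (push (concat (nreverse cur)) parts)
               (setq cur '()))
              (t (push ch cur))))
      (cl-incf i))
    (push (concat (nreverse cur)) parts)
    (nreverse parts)))

(defun demo-dn-parse (dn)
  "Return DN as a list of (TYPE . VALUE), skipping RDNs without \"=\"."
  (delq nil
        (mapcar (lambda (rdn)
                  (let ((pos (string-match "=" rdn)))
                    (when pos
                      (cons (upcase (string-trim (substring rdn 0 pos)))
                            ;; Unescape \X for display; hex pairs stay as-is.
                            (replace-regexp-in-string
                             "\\\\\\([^0-9A-Fa-f]\\)" "\\1"
                             (substring rdn (1+ pos)))))))
                (demo-dn-split dn))))

(defun demo-dn-rank (type)
  (or (cl-position type demo-dn-order :test #'string=)
      (length demo-dn-order)))

(defun demo-dn-format (dn)
  "Return DN with one attribute per line, CN/O/OU first."
  (mapconcat (lambda (rdn) (format "  %-3s %s" (concat (car rdn) ":") (cdr rdn)))
             (cl-stable-sort (demo-dn-parse dn) #'<
                             :key (lambda (rdn) (demo-dn-rank (car rdn))))
             "\n"))

;; Constructed sample subject, not taken from a real certificate.
(demo-dn-format "C=US,ST=California,O=Example\\, Inc.,OU=Web Ops,CN=www.example.org")
```

The stable sort matters here: attributes outside CN/O/OU stay in the order the certificate gave them, so DV, OV and EV subjects with different extra RDNs still render predictably.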