From: Jimmy Yuen Ho Wong
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 8 Jul 2018 15:58:45 +0100
Cc: Lars Ingebrigtsen, Emacs-Devel devel
To: Eli Zaretskii

On Sun, Jul 8, 2018 at 3:55 PM Eli Zaretskii wrote:
>
> > From: Lars Ingebrigtsen
> > Date: Sun, 08 Jul 2018 16:06:39 +0200
> > Cc: Emacs-Devel devel
> >
> > But, yes, as Eli says, `paranoid' should perhaps do more for non-TLS
> > connections. The question is "what", though, because there's no
> > fingerprint (beyond the host/port number) that we can use to verify
> > that a non-TLS connection is to a previously seen host.
>
> We could look at the browsers for inspiration, perhaps?
>

Browsers have only 1 security level, and show a green padlock on the address bar for HTTPS, and no padlock for a cleartext connection. There's no warning whatsoever. If you want to do the padlock thing, you might want to do it in EWW and all those Email/Newsgroup packages instead of NSM.