From: Jimmy Yuen Ho Wong
Newsgroups: gmane.emacs.devel
Subject: Re: The netsec thread
Date: Mon, 23 Jul 2018 15:58:18 +0100
References: <83bmb214ez.fsf@gnu.org> <8736wamklr.fsf@gmail.com>
In-Reply-To: <8736wamklr.fsf@gmail.com>
To: Emacs-Devel devel
Cc: Lars Ingebrigtsen
On Mon, Jul 23, 2018 at 9:17 AM, Robert Pluim wrote:
> Jimmy Yuen Ho Wong writes:
>
>>> And, as I've said before,
>>> `paranoid' should stay.
>>>
>>
>> Eli's use case has already been taken care of by
>> `nsm-trust-local-network`. `paranoid has been aliased to `high for
>> backward compatibility.
>>
>> Robert, do you still object to removing the `paranoid level? I've
>> removed that prompt that asks for permission on every TLS connection
>> due to the crying-wolf effect.
>
> As Iʼve said before: I donʼt think many people need to be prompted
> every time a TLS connection is set up from emacs to a host thatʼs
> never been seen before, but I do, as I need to inspect the connection
> parameters. Yes itʼs annoying, but I can live with self-imposed
> annoyance.
>

Deep human packet inspector Robert :)

Would you mind expanding a bit more on that need to inspect the
connection params when you connect to a host you've never seen before?
Currently the prompt doesn't really show you nearly enough to inspect
connection params. I want to make sure your need is taken care of
properly (I'm contemplating an actual debug mode that prompts after
every handshake) without introducing something into emacs that's so far
only useful for one person.

>> If there isn't an objection from people who've found use for it, I'd
>> really like to try without 'paranoid on master later before declaring
>> it insufficient.
>
> I guess I could always add my own function into 'high, but Iʼd prefer
> it if it was available by default.
>

I can alternatively resurrect that functionality as a separate check
that's available but not added to any levels. You can add it to any
level in Customize easily enough, but not so easily that a naive user
would enable it in the hope of more security. Would this be an
acceptable compromise?