From: Lars Magne Ingebrigtsen
To: Toke Høiland-Jørgensen
Cc: emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 23:13:29 +0100

Toke Høiland-Jørgensen writes:

> Lars Magne Ingebrigtsen writes:
>
>>> I just tried running the thing; it does ask for verification when
>>> connecting to news.gwene.org, but I can't get it to ask to trust a
>>> fingerprint when connecting to my mail server (which has a cert that
>>> otherwise verifies)?
>>
>> If the certificate is valid, then nothing is queried.
>
> Well I'd like to request that feature, please. This is the idea behind
> TOFU: Only connect if the cert is in the database, whether it is
> otherwise valid or not...

Then I misunderstood TOFU -- I thought it was about certificate pinning.
The first time you connect, you don't have much to compare it against,
so it seemed superfluous to query the user about it.  And that's going
to be a *lot* of querying if you're using Emacs to browse the web.

But I can move the present pinning code down to `high', and then add
"query on first usage" on `paranoid'?

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog: http://lars.ingebrigtsen.no
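
Added example, not part of the original message and not Emacs code: a small Python model of the two policies contrasted above, silent pinning at `high' versus "query on first usage" at `paranoid'. The level name "medium", the host names, the certificate bytes and the functions decide() and approve() are assumptions made for illustration.

```python
import hashlib

# Assumed ordering; "medium" stands in for any level below `high'.
LEVELS = {"medium": 1, "high": 2, "paranoid": 3}


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()


def approve(host: str, cert_der: bytes, store: dict) -> None:
    """Record that the user accepted this exact certificate for host."""
    store[host] = fingerprint(cert_der)


def decide(level: str, host: str, cert_der: bytes,
           chain_valid: bool, store: dict) -> str:
    """Return 'accept' or 'query'. store maps host -> trusted fingerprint."""
    fp = fingerprint(cert_der)
    rank = LEVELS[level]
    known = store.get(host)

    if not chain_valid:
        # Invalid certificate: ask unless the user already approved
        # exactly this certificate for this host.
        return "accept" if known == fp else "query"

    if rank >= LEVELS["high"] and known is not None and known != fp:
        # Pinning: the certificate is valid but differs from the one on record.
        return "query"

    if rank >= LEVELS["paranoid"] and known is None:
        # Query on first usage: nothing on record yet, so the user decides.
        return "query"

    if rank >= LEVELS["high"]:
        # Pin silently the first time a valid certificate is seen.
        store.setdefault(host, fp)
    return "accept"
```

At `high' the first valid certificate is trusted without a prompt and only a later change raises a query, which is why browsing stays quiet; at `paranoid' every new host prompts once, which is the cost raised in the message.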