From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Network Security Manager merge time?
Date: Tue, 25 Nov 2014 17:30:36 +0100
References: <87lhn7cfe0.fsf@lifelogs.com> <87egszcd3i.fsf@lifelogs.com> <87h9xvavjm.fsf@lifelogs.com> <874mtuc1hq.fsf@lifelogs.com> <871torfjk8.fsf@lifelogs.com>
To: emacs-devel@gnu.org
In-Reply-To: <871torfjk8.fsf@lifelogs.com> (Ted Zlatanov's message of "Tue, 25 Nov 2014 09:20:39 -0500")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Ted Zlatanov writes:

> I think we should now do the following:
>
> * deprecate `gnutls-verify-error' in favor of `network-security-level'
>
> * to help the migration, map :trustfiles and :hostname to 'medium (IIUC)

I think that proper Professional Security Professionals won't trust that
us lowly Emacs developers can get something as sacred as this stuff
right, so they will still want to be able to instruct the gnutls library
to refuse connections directly. And I see no great reason why we can't
do that. I mean, the code is already there.

The only downside is that we could get rid of some code, and there would
only be one thing for users to consider customising instead of two, so
it would allow us to get rid of that potential confusion.

But I have no strong opinions on this. Anybody?

> * add the ability to set the `network-security-level' per hostname regex

I still don't see the use case. :-) The only reason to bump the level
over `medium' is that the user is worried that the NSA is paying a rogue
CA to issue certificates for your bank, and if you are, you should be
running on `high' always.

And `medium' is so unintrusive that I hope that nobody will feel the
need to run with `low'. If they feel that need, then we've misdesigned
something.

> * put the 'gnutls customization group next to 'nsm under 'comm

Yeah, that would be nice.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no