Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

[Lars Magne Ingebrigtsen]

"Perry E. Metzger" <address@hidden> writes:

> Once you've listened to the secret service or DEA chatting on the
> radio in the clear by accident because they don't realize they
> inadvertently turned off the encryption on their P25 radios (which is
> trivial to do by accident and provides no warning feedback) you
> realize that essentially *no* user can be trusted with such decisions
> in the average case.

[...]

> Really the only safe system follows "there should be only one
> mode, and it should be secure".

This is alarmist nonsense.

It's telling that your example is a case where, perhaps, it might have
made a difference whether the communication was secure or not.

However, the common case for a normal user is when you're binging around
for a solution as to why your Foobarzot device is not responding when
you're fsck-ing it, and the only place you can find discussion on this
topic is on a mailing list archive that has an expired certificate.

Do you still want to read that mailing list archive?  Yes.  You do.  

In real life, virtually all situations where the security of the
communication channel can't be verified, you simply don't care at all.
When you care, you usually know, because you work for the DEA or you're
trying to pay a bill via your bank.

The super-alarmist "don't allow the user to do what she obviously wants
to do" just makes the user to disable all security.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no