emacs-devel

Re: Network security manager


From: Ted Zlatanov
Subject: Re: Network security manager
Date: Mon, 17 Nov 2014 11:04:22 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Mon, 17 Nov 2014 16:22:57 +0100 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> Ted Zlatanov <address@hidden> writes:
>> I don't know how complicated it will be internally, but I don't think it
>> will endanger any existing functionality (except TLS connections, of
>> course).

LMI> Let's say you fetch mail from pop3 from a server that has a self-signed
LMI> certificate as a batch job.  The network security manager will say "The
LMI> server uses a self-signed certificate, so Emacs can't verify the
LMI> authenticity of the server.  Connect anyway? (no, this session only,
LMI> always)" (or something like that).

How common is this scenario and how strongly do you feel we should
support it?

Generally we could distinguish between POP3 and SMTP and IMAP and such,
where self-signed certificates are common, and HTTP/S and generic
connections, where they aren't. Does that seem reasonable?

I would personally prefer forcing the user to run interactively at least
once and accept the certificate.  Too much magic is sure to complicate
everyone's life.

LMI> But since it's a batch job, we can't ask the user, and the connection
LMI> will fail.  (Unless we decide to have the batch default be the
LMI> opposite -- always answer "this session only".)

I'd add a CLI option --insecure/-k (same as curl) to override the
default, but no more than that, and without special --batch behavior.

LMI> So perhaps it's better for Emacs 25.1?

LMI> Especially if we can release 25.1 in a timely manner.

I really would prefer that we treat this as a bug.  It's unfortunate
that resolving it is complicated, but we've delayed the fix for a while.

Can you please work against emacs-24? It's easy enough to apply the
changes to master if that's the final decision and I don't think master
has anything you need. Except maybe the read-only text property thing
you added.

Ted



