Re: Network security manager

[Tassilo Horn]

Lars Magne Ingebrigtsen <address@hidden> writes:

> The related thing I was also going to implement is the "shouldn't this
> connection be encrypted?" thing previously discussed.  That is, if
> you're talking to an IMAP server, you most likely want that connection
> to be encrypted, and if not, Emacs should tell you that it isn't.
>
> This is trivial to implement in the NSM, but what should the defaults
> be?
>
> IMAP, POP3: I think most users would want to be warned here
> SMTP, IRC: I don't think anybody cares
> NNTP: They might care if they're sending a password

Why do you think that sending passwords unencrypted with SMTP is ok but
with NNTP it's not ok?

So IMHO, I would always expect a warning.  For all those protocols
there's usually an encrypted version (possibly on another port), and in
general everybody should use that.  But of course it's possible that,
say, irc.foobar.org doesn't support encrypted connections, and if so,
I'd prefer to get a warning only the first time I connect.  Maybe some
query like with file-local variables and eval forms would be good where
you can say "No (don't connect)", "Yes (only this time)", "Yes (only
this emacs session)", and "Yes (always)".

> Uhm...  is that all the protocols?  I feel I'm forgetting one...

FTP maybe?

Bye,
Tassilo