Re: Network security manager

[Ted Zlatanov]

On Tue, 18 Nov 2014 15:41:50 +0100 Lars Magne Ingebrigtsen <address@hidden> 
wrote: 

LMI> The related thing I was also going to implement is the "shouldn't this
LMI> connection be encrypted?" thing previously discussed.  That is, if
LMI> you're talking to an IMAP server, you most likely want that connection
LMI> to be encrypted, and if not, Emacs should tell you that it isn't.

LMI> This is trivial to implement in the NSM, but what should the defaults
LMI> be?

Definitely yes.  Unencrypted should be the exception nowadays.

LMI> IMAP, POP3: I think most users would want to be warned here
LMI> SMTP, IRC: I don't think anybody cares
LMI> NNTP: They might care if they're sending a password

IRC should be upgraded if possible.  Freenode at least supports both
modes.

SMTP is tricky.  I would care if sending to an external server but not
internally, and there's no easy way to distinguish them.  Also if the
message itself is encrypted, I wouldn't care.

LMI> Uhm...  is that all the protocols?  I feel I'm forgetting one...

HTTP?  It's certainly recommended to encrypt it nowadays.

Ted