emacs-devel

Re: Network security manager


From: Ted Zlatanov
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 10:19:02 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Tue, 18 Nov 2014 00:26:17 +0100 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> There's one slight privacy leak in the security manager.  To keep track
LMI> of STARTTLS man-in-the-middle downgrades, nsm needs to store data on all
LMI> STARTTLS connections you've made.  A wily hacker (I mean, the NSA) could
LMI> use this file to determine what servers you've been talking to.

LMI> The ~/.emacs.d/network-security.data will have things like

LMI> (:id "sha1:ac7feb949147490ee549b5b6c3ae7edd929ea335" :fingerprint "sha1:c0:ec:2f:01:6c:ff:4a:43:c1:a7:c7:83:4b:48:0b:3a:c5:4e:90:f9")

LMI> in it, where the :id is the sha1 of "host:port", and the latter is the
LMI> fingerprint of the certificate.

LMI> The wily hacker (I mean, the NSA) wouldn't find it easy to get a list of
LMI> the servers (because they would have to check all servers/port names in
LMI> existence), but they could use it to check for specific servers.

You could name the file `~/.emacs.d/network-security.gpg' by default :)

Ted
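
The property described in the quoted message can be checked against your own file. The following is an added example, not code from nsm or from either poster: it parses entries in the format quoted above and reports which ones a short list of guessed host:port pairs confirms and which stay opaque. The `.example.test` hostnames, the ports and the all-zero fingerprint are constructed sample values.

```python
import hashlib
import re

# One entry in the format quoted in the message:
#   (:id "sha1:<40 hex>" :fingerprint "sha1:<colon-separated hex>")
ENTRY_RE = re.compile(
    r'\(:id\s+"(sha1:[0-9a-f]{40})"\s+:fingerprint\s+"([^"]+)"\s*\)')

def nsm_id(host, port):
    """The :id as the message describes it: SHA-1 of "host:port"."""
    return "sha1:" + hashlib.sha1(f"{host}:{port}".encode()).hexdigest()

def parse_entries(text):
    """Return {id: fingerprint} for every entry found in the file text."""
    return dict(ENTRY_RE.findall(text))

def audit(text, hosts, ports):
    """Split stored ids into those a hosts x ports guess list confirms
    and those that remain opaque to that list."""
    entries = parse_entries(text)
    guesses = {nsm_id(h, p): (h, p) for h in hosts for p in ports}
    confirmed = {i: guesses[i] for i in entries if i in guesses}
    opaque = [i for i in entries if i not in guesses]
    return confirmed, opaque

def build_sample():
    """Constructed file contents: two made-up servers plus the entry
    quoted verbatim in the message."""
    fp = "sha1:" + ":".join(["00"] * 20)  # constructed placeholder fingerprint
    return "\n".join([
        '(:id "%s" :fingerprint "%s")' % (nsm_id("mail.example.test", 993), fp),
        '(:id "%s" :fingerprint "%s")' % (nsm_id("irc.example.test", 6697), fp),
        '(:id "sha1:ac7feb949147490ee549b5b6c3ae7edd929ea335" :fingerprint '
        '"sha1:c0:ec:2f:01:6c:ff:4a:43:c1:a7:c7:83:4b:48:0b:3a:c5:4e:90:f9")',
    ])

if __name__ == "__main__":
    confirmed, opaque = audit(build_sample(),
                              ["mail.example.test", "irc.example.test"],
                              [993, 6697])
    for entry_id, (host, port) in confirmed.items():
        print(f"confirmed {host}:{port} from {entry_id}")
    for entry_id in opaque:
        print(f"not in guess list: {entry_id}")
```

Because the id is an unkeyed hash of a small input, anyone who can read the file can run the same check, which is why keeping the file encrypted at rest addresses the leak.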



