emacs-devel

Re: The Network Security Manager is now on the trunk


From: Lars Magne Ingebrigtsen
Subject: Re: The Network Security Manager is now on the trunk
Date: Mon, 24 Nov 2014 17:49:23 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

I've now added a mini-essay to the lispref manual on network security,
but perhaps this sort of thing should be in the Emacs manual instead?

If so, where in the Emacs manual should it be?

(I tried avoiding using the words "NSA" and "China".)

36.15 Network Security
======================

After establishing a network connection, the connection is then passed
on to the Network Security Manager (NSM).

   The `network-security-level' variable determines the security level.
If this is `low', no security checks are performed.

   If this variable is `medium' (which is the default), a number of
checks will be performed.  If the NSM determines that the network
connection might be unsafe, the user is made aware of this, and the NSM
will ask the user what to do about the network connection.

   The user is given the choice of registering a permanent security
exception, a temporary one, or whether to refuse the connection
entirely.

   Below is a list of the checks done on the `medium' level.

unable to verify a TLS certificate
     If the connection is a TLS, SSL or STARTTLS connection, the NSM
     will check whether the certificate used to establish the identity
     of the server we're connecting to can be verified.

     While an invalid certificate is often a cause for concern (there
     may be a Man-in-the-Middle hijacking your network connection and
     stealing your password), there may be valid reasons for going
     ahead with the connection anyway.

     For instance, the server may be using a self-signed certificate, or
     the certificate may have expired.  It's up to the user to determine
     whether it's acceptable to continue the connection.

a self-signed certificate has changed
     If you've previously accepted a self-signed certificate, but it has
     now changed, that either means that the server has just changed the
     certificate, or this might mean that the network connection has
     been hijacked.

previously encrypted connection now unencrypted
     If the connection is unencrypted, but it was encrypted in previous
     sessions, this might mean that there is a proxy between you and the
     server that strips away STARTTLS announcements, leaving the
     connection unencrypted.  This is usually very suspicious.

talking to an unencrypted service when sending a password
     When connecting to an IMAP or POP3 server, these should usually be
     encrypted, because it's common to send passwords over these
     connections.  Similarly, if you're sending email via SMTP that
     requires a password, you usually want that connection to be
     encrypted.  If the connection isn't encrypted, the NSM will warn
     you.


   If `network-security-level' is `high', the following checks will be
made:

a validated certificate changes the public key
     Servers change their keys occasionally, and that is normally
     nothing to be concerned about.  However, if you are worried that
     your network connections are being hijacked by agencies who have
     access to pliable Certificate Authorities that issue new
     certificates for third-party services, you may want to keep track
     of these changes.

   Finally, if `network-security-level' is `paranoid', you will also be
notified the first time the NSM sees any new certificate.  This will
allow you to inspect all the certificates from all the connections that
Emacs makes.


-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
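
Added example, not part of the original message and not code from Emacs's NSM: a small Python model of the level-based checks listed in the manual text above, showing which warnings each `network-security-level' would raise for a given connection. The `Conn` fields, the `seen` store of previously accepted connections, the password-service list and the fingerprint values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LEVELS = ("low", "medium", "high", "paranoid")
# Assumption: services treated as password-carrying in this model.
PASSWORD_SERVICES = {"imap", "pop3", "smtp"}

@dataclass
class Conn:
    host: str
    service: str
    encrypted: bool
    verified: bool = False         # certificate chain validated
    self_signed: bool = False
    cert_fp: Optional[str] = None  # certificate fingerprint (constructed values)
    key_fp: Optional[str] = None   # public-key fingerprint (constructed values)

def nsm_warnings(conn, level, seen):
    """Warnings for `conn`; `seen` maps host -> last Conn the user accepted."""
    rank = LEVELS.index(level)
    if rank == 0:                  # `low': no checks at all
        return []
    out = []
    prev = seen.get(conn.host)
    if conn.encrypted:
        same_cert = prev is not None and prev.cert_fp == conn.cert_fp
        if prev and prev.self_signed and not same_cert:
            out.append("a self-signed certificate has changed")
        elif not conn.verified and not same_cert:
            out.append("unable to verify a TLS certificate")
        if (rank >= 2 and conn.verified and prev and prev.verified
                and prev.key_fp != conn.key_fp):
            out.append("a validated certificate changes the public key")
        if rank >= 3 and not same_cert:
            out.append("new certificate seen for the first time")
    else:
        if prev and prev.encrypted:
            out.append("previously encrypted connection now unencrypted")
        if conn.service in PASSWORD_SERVICES:
            out.append("talking to an unencrypted service when sending a password")
    return out

def demo():
    # Constructed scenario: a host that used STARTTLS last time now offers none.
    seen = {"mail.example.org": Conn("mail.example.org", "imap", True, True,
                                     cert_fp="aa", key_fp="k1")}
    stripped = Conn("mail.example.org", "imap", encrypted=False)
    return nsm_warnings(stripped, "medium", seen)

if __name__ == "__main__":
    print(demo())
```

The model keeps only the last accepted connection per host; it does not distinguish permanent from temporary exceptions.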




