emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network Security Manager merge time?


From: Lars Magne Ingebrigtsen
Subject: Re: Network Security Manager merge time?
Date: Tue, 25 Nov 2014 17:30:36 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> I think we should now do the following:
>
> * deprecate `gnutls-verify-error' in favor of `network-security-level'
>
> * to help the migration, map :trustfiles and :hostname to 'medium (IIUC)

I think that proper Professional Security Professionals won't trust that
us lowly Emacs developers can get something as sacred as this stuff
right, so they will still want to be able to instruct the gnutls library
to refuse connections directly.

And I see no great reason why we can't do that.  I mean, the code is
already there.  The only downside is that we could get rid of some code,
and there would only be one thing for users to consider customising
instead of two, so it would allow us to get rid of that potential
confusion.

But I have no strong opinions on this.  Anybody?

> * add the ability to set the `network-security-level' per hostname regex

I still don't see the use case.  :-) The only reason to bump the level
over `medium' is that the user is worried that the NSA is paying a rogue
CA to issue certificates for your bank, and if you are, you should be
running on `high' always.

And `medium' is so unintrusive that I hope that nobody will feel the
need to run with `low'.  If they feel that need, then we've misdesigned
something.

> * put the 'gnutls customization group next to 'nsm under 'comm

Yeah, that would be nice.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



reply via email to

[Prev in Thread] Current Thread [Next in Thread]