[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Gmane with Gnus first timer
|
From: |
Alberto Luaces |
|
Subject: |
Re: Gmane with Gnus first timer |
|
Date: |
Thu, 28 Sep 2017 13:26:30 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hi Maxim,
Maxim Cournoyer writes:
> Are you sure the data obtained from news.gmane.org is not funneled
> through TLS? And why would Emacs warn about Gmane TLS problems
> otherwise? The Gnus manual has this to say about the
> `nntp-open-network-stream':
>
> This is the default, and simply connects to some port or other on the
> remote system. If both Emacs and the server supports it, the connection
> will be upgraded to an encrypted STARTTLS connection automatically.
>
Yes, you are right in the TLS part, but I was referring to the trust you
are putting into a certificate you have also downloaded in an insecure
way. The certificate system only works if it is signed by someone you
already trust. If the certificate is self-signed, the only safe way to
check that it is the valid one would be to exchange fingerprints with
the owner by means of a different secure channel (telephone, USB
exchange...)
Otherwise you can suffer from a man-in-the-middle attack even the whole
communication is encrypted.
>
>> In this case I think it doesn't really matter, since all the lists and
>> postings are public.
>
> Since it is public, you are correct that it doesn't play a role in
> privacy, but it does in making sure that the communication link between
> you and the Gmane server is not susceptible to man-in-the-middle
> attacks, which is a nice property. In theory Malefoy could otherwise
> turn a peaceful discussion into a flame war or whatnot ;).
Yes, MITM is still possible, as described before. In this case there is
no solution if you do not have some kind of trust network before (being
it gpg, SSL or something else).
--
Alberto