emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network security manager


From: Toke Høiland-Jørgensen
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 07:03:01 +0100

Lars Magne Ingebrigtsen <address@hidden> writes:

> Things that require extensive customisations almost never get used, so
> I'm not sure it's worth it.

Well it would default to something sensible, of course. I'd use it ;)

> Pushed now.

Okay, so the initial prompt on paranoid level works. Would be nice if
the initial prompt popped up the same certificate information as the
other confirmation prompts, to make it easier to verify that it's the
right certificate. That goes for when the fingerprint changes as well, I
suppose...

Once the fingerprint is stored, though, it fails in weird ways. I tried
manually modifying the fingerprint in the network-security.data file (to
make verification fail). This elicits this behaviour:

- On security levels high and paranoid, verification just fails silently
  (open-network-stream returns nil), with no option to update the stored
  fingerprint.

- On security levels low and medium, verification *succeeds*, even
  though a fingerprint is stored that does not match the certificate.

I would consider especially the second point to be a big no-no; even if
the security level is subsequently lowered, having a stored fingerprint
should take precedence and fail the verification. Maybe the "continue
anyway" could cause the stored fingerprint to be removed, but just
continuing regardless is bad IMO.


Finally, GnuTLS has the ability to generate ASCII art of the certificate
public key, like this:

        Public key's random art:
                +--[ RSA 4096]----+
                |           ..o  .|
                |            ooo.o|
                |            .o..o|
                |       .    o + .|
                |      . S    = E |
                |     o . o  .    |
                |      = o .  o   |
                |       B .. .... |
                |     .+ oo..o++  |
                +-----------------+

Supposedly, this should make it possible to verify a certificate at a
glance (relying on human visual memory being superior to our ability to
recognise long strings of alphanumericals). Might be worthwhile to
include this in (some of) the popups? Can't really figure out if I think
it's just a gimmick, or what, but I thought I'd suggest it. Gnutls-cli
uses it... The function is gnutls_random_art().

-Toke



reply via email to

[Prev in Thread] Current Thread [Next in Thread]