[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network Security Manager merge time?
From: |
Ted Zlatanov |
Subject: |
Re: Network Security Manager merge time? |
Date: |
Wed, 19 Nov 2014 12:30:25 -0500 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) |
On Wed, 19 Nov 2014 17:53:07 +0100 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Ted Zlatanov <address@hidden> writes:
>> Does it deprecate `gnutls-verify-error'? If so, we should note that.
LMI> No, all the boot-time checks are still in there, so if the user wants to
LMI> use the gnutls built-in checking stuff instead of the NSM for some
LMI> reason or other, that's still possible.
I'd rather deprecate it in favor of `nsm-security-level', especially if
you're OK with the ability to set the level per host or subnet, and per
service. The `gnutls-verify-error' checks are all 'medium I think.
(And I'd name or alias that NSM variable to `network-security-level'
because "nsm" means nothing to a new user, assuming NSM will be loaded
by default.)
(Oh, and I'd make `nsm-save-host-names' t by default, because your
worries about information leakage are in the 'high or above security
level IMO :)
Parenthetically
Ted
- Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/21
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/25
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/25
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/25
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/25