Re: Network Security Manager merge time?
From: Ted Zlatanov
Subject: Re: Network Security Manager merge time?
Date: Wed, 19 Nov 2014 13:34:53 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Wed, 19 Nov 2014 18:59:16 +0100 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> Ted Zlatanov <address@hidden> writes:
>> I'd rather deprecate it in favor of `nsm-security-level', especially if
>> you're OK with the ability to set the level per host or subnet, and per
>> service. The `gnutls-verify-error' checks are all 'medium I think.

LMI> I can imagine that some people would rather leave all this up to
LMI> gnutls...

As far as user-level customization, I'd rather not have multiple
variables. The checks will be done the same way, just based on
`network-security-level' instead of specific checkboxes like now.

>> (And I'd name or alias that NSM variable to `network-security-level'
>> because "nsm" means nothing to a new user, assuming NSM will be loaded
>> by default.)

LMI> Yes.

Cool!

>> (Oh, and I'd make `nsm-save-host-names' t by default, because your
>> worries about information leakage are in the 'high or above security
>> level IMO :)

LMI> Heh. But ssh has the same paranoid defaults, I think.

I was going to say it doesn't for me on Ubuntu, but apparently in the
last N months+years the default has changed quietly. So now I have no
idea how many of my known_hosts are for virtual machines or other
disposable SSH servers. Grrrrrrreat. Ah, here's why, from the
ssh_config man page:

    Note that the Debian openssh-client package sets several options as
    standard in /etc/ssh/ssh_config which are not the default in ssh(1):
    ...
    · HashKnownHosts yes
    · GSSAPIAuthentication yes

I'll be disabling that one...

Ted
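
An added example, not part of the message above and not OpenSSH code: with HashKnownHosts enabled, each host field is stored as |1|salt|HMAC-SHA1(salt, hostname), so entries cannot be read back but can be tested against host names you already know. This Python sketch audits a known_hosts file that way; the function names, sample hosts, salts and key strings are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build the |1|salt|hash token that HashKnownHosts stores for a host."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def matches(token, host):
    """True if the hashed host token was derived from `host`."""
    parts = token.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False
    try:
        salt = base64.b64decode(parts[2], validate=True)
        expected = base64.b64decode(parts[3], validate=True)
    except ValueError:  # malformed base64
        return False
    actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)

def audit(known_hosts_text, candidates):
    """Sort entries into plain, hashed-and-identified, hashed-and-unknown."""
    report = {"plain": [], "identified": [], "unknown": 0}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields:
            continue
        if not fields[0].startswith("|1|"):
            report["plain"].append(fields[0])
            continue
        hit = next((c for c in candidates if matches(fields[0], c)), None)
        if hit is None:
            report["unknown"] += 1
        else:
            report["identified"].append(hit)
    return report

# Constructed sample file: two hashed entries and one plain entry.
SAMPLE = "\n".join([
    hash_host("build-vm.example.test", b"A" * 20) + " ssh-ed25519 PLACEHOLDER",
    hash_host("192.0.2.10", b"B" * 20) + " ssh-ed25519 PLACEHOLDER",
    "git.example.test ssh-ed25519 PLACEHOLDER",
])
```

Entries left in the "unknown" count are the ones the message worries about: hosts whose names you no longer remember cannot be recovered from the file itself.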