Re: The Network Security Manager is now on the trunk
From: Lars Magne Ingebrigtsen
Subject: Re: The Network Security Manager is now on the trunk
Date: Mon, 24 Nov 2014 17:49:23 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

I've now added a mini-essay to the lispref manual on network security,
but perhaps this sort of thing should be in the Emacs manual instead?
If so, where in the Emacs manual should it be?
(I tried avoiding using the words "NSA" and "China".)
36.15 Network Security
======================
After establishing a network connection, the connection is then passed
on to the Network Security Manager (NSM).
The `network-security-level' variable determines the security level.
If this is `low', no security checks are performed.
If this variable is `medium' (which is the default), a number of
checks will be performed. If the NSM determines that the network
connection might be unsafe, the user is made aware of this, and the NSM
will ask the user what to do about the network connection.
The user is given the choice of registering a permanent security
exception, a temporary one, or whether to refuse the connection
entirely.
Below is a list of the checks done on the `medium' level.

unable to verify a TLS certificate
     If the connection is a TLS, SSL or STARTTLS connection, the NSM
     will check whether the certificate used to establish the identity
     of the server we're connecting to can be verified.

     While an invalid certificate is often the cause for concern (there
     may be a Man-in-the-Middle hijacking your network connection and
     stealing your password), there may be valid reasons for going
     ahead with the connection anyway.

     For instance, the server may be using a self-signed certificate, or
     the certificate may have expired. It's up to the user to determine
     whether it's acceptable to continue the connection.

a self-signed certificate has changed
     If you've previously accepted a self-signed certificate, but it has
     now changed, that either means that the server has just changed the
     certificate, or this might mean that the network connection has
     been hijacked.

previously encrypted connection now unencrypted
     If the connection is unencrypted, but it was encrypted in previous
     sessions, this might mean that there is a proxy between you and the
     server that strips away STARTTLS announcements, leaving the
     connection unencrypted. This is usually very suspicious.

talking to an unencrypted service when sending a password
     When connecting to an IMAP or POP3 server, these should usually be
     encrypted, because it's common to send passwords over these
     connections. Similarly, if you're sending email via SMTP that
     requires a password, you usually want that connection to be
     encrypted. If the connection isn't encrypted, the NSM will warn
     you.

If `network-security-level' is `high', the following checks will be
made:

a validated certificate changes the public key
     Servers change their keys occasionally, and that is normally
     nothing to be concerned about. However, if you are worried that
     your network connections are being hijacked by agencies who have
     access to pliable Certificate Authorities that issue new
     certificates for third-party services, you may want to keep track
     of these changes.

Finally, if `network-security-level' is `paranoid', you will also be
notified the first time the NSM sees any new certificate. This will
allow you to inspect all the certificates from all the connections that
Emacs makes.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
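
Added example (not part of the original message and not Emacs's own code): a small Python model of the checks the draft lists for each `network-security-level', showing which warnings fire for a given connection and stored host record. The class names, field names and warning labels are hypothetical, and the model assumes a stored certificate fingerprint means the user accepted that certificate earlier.

```python
from dataclasses import dataclass
from typing import List, Optional

LEVELS = ("low", "medium", "high", "paranoid")

@dataclass
class Conn:
    """Constructed model of the connection being checked."""
    encrypted: bool
    cert_verified: bool = False      # certificate could be verified
    self_signed: bool = False
    cert_fp: Optional[str] = None    # fingerprint of the certificate
    key_fp: Optional[str] = None     # fingerprint of its public key
    sends_password: bool = False     # IMAP, POP3, authenticated SMTP

@dataclass
class Seen:
    """Constructed model of what was stored for this host earlier."""
    encrypted: bool
    cert_fp: Optional[str] = None    # assumption: accepted last time
    key_fp: Optional[str] = None

def nsm_warnings(level: str, conn: Conn, seen: Optional[Seen] = None) -> List[str]:
    """Return the warnings the described checks would raise, in order."""
    rank = LEVELS.index(level)       # ValueError on an unknown level
    out: List[str] = []
    if rank == 0:                    # `low': no security checks
        return out
    had_cert = seen is not None and seen.cert_fp is not None
    same_cert = had_cert and seen.cert_fp == conn.cert_fp
    # `medium': unverifiable certificate, unless already accepted unchanged
    if conn.encrypted and not conn.cert_verified and not same_cert:
        out.append("self-signed-changed" if conn.self_signed and had_cert
                   else "unverified-certificate")
    if not conn.encrypted:
        if seen is not None and seen.encrypted:
            out.append("encryption-downgrade")     # e.g. STARTTLS stripped
        if conn.sends_password:
            out.append("password-over-plaintext")
    # `high': a certificate that validates but carries a different key
    if rank >= 2 and conn.cert_verified and seen is not None \
            and seen.key_fp is not None and seen.key_fp != conn.key_fp:
        out.append("public-key-changed")
    # `paranoid': any certificate not seen before for this host
    if rank >= 3 and conn.cert_fp is not None and not same_cert:
        out.append("new-certificate")
    return out
```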