Re: Network security manager

[Toke Høiland-Jørgensen]

Lars Magne Ingebrigtsen <address@hidden> writes:

> On the other hand, we could store the server names in plain text when
> we store security exceptions to make reviews easier. That is, keep the
> hash-only thing for STARTTLS man-in-the-middle tracking and the like,
> but if the user registers an exception, then we'd stash the server
> name in there, too.

Would it make sense to have a hostname-based setting for credentials
storage? I.e. similar to how gnutls-verify-error is currently a hostname
match, I might want to set nsm-security-level per hostname. For
instance, I'd like to have 'paranoid' security for the services I
provide credentials to (most notably my mail server), but would probably
not mind keeping random TLS servers I may happen to download an image
from out of my certificate list file.

> This would avoid leaving a complete list of STARTTLS servers in that
> file, but still allow easy removal of specific exceptions.

OpenSSH has the 'HashKnownHosts' configuration parameter which
determines whether hostnames should be hashed in the trust store
(similar to what you are doing). I tend to turn it off to be able to
find things...

-Toke