[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Gmane with Gnus first timer
|
From: |
Maxim Cournoyer |
|
Subject: |
Re: Gmane with Gnus first timer |
|
Date: |
Wed, 27 Sep 2017 15:57:35 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Hello Alberto!
Alberto Luaces <aluaces@udc.es> writes:
> Maxim Cournoyer writes:
>
>> When I did, Emacs still complained that the server was deemed insecure
>> because the "certificate signer was not found (self-signed)". I am not
>> sure why it persists warning me about a self-signed certificate after
>> I've explicitly given it my trust, nor do I know why the weak SHA1 issue
>> is not raised anymore... But anyway, I consider our due diligence done,
>> so at this point you may choose "Always" when presented the security
>> prompt.
>
> Thanks for the guide and congratulations for your new configuration.
>
> I think all the hassle about the certificate is not worth the pain,
> since after all you are downloading it by the same insecure method.
Are you sure the data obtained from news.gmane.org is not funneled
through TLS? And why would Emacs warn about Gmane TLS problems
otherwise? The Gnus manual has this to say about the
`nntp-open-network-stream':
This is the default, and simply connects to some port or other on the
remote system. If both Emacs and the server supports it, the connection
will be upgraded to an encrypted STARTTLS connection automatically.
> In this case I think it doesn't really matter, since all the lists and
> postings are public.
Since it is public, you are correct that it doesn't play a role in
privacy, but it does in making sure that the communication link between
you and the Gmane server is not susceptible to man-in-the-middle
attacks, which is a nice property. In theory Malefoy could otherwise
turn a peaceful discussion into a flame war or whatnot ;).
Maxim
[1] http://gnus.org/manual/gnus_82.html