[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network security manager

From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 00:26:17 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

There's one slight privacy leak in the security manager.  To keep track
of STARTTLS man-in-the-middle downgrades, nsm needs to store data on all
STARTTLS connections you've made.  A wily hacker (I mean, the NSA) could
use this file to determine what servers you've been talking to.

The ~/.emacs.d/network-security.data will have things like

(:id "sha1:ac7feb949147490ee549b5b6c3ae7edd929ea335" :fingerprint 

it it, where the :id is the sha1 of "host:port", and the latter is the
fingerprint of the certificate.

The wily hacker (I mean, the NSA) wouldn't find it easy to get a list of
the servers (because they would have to check all servers/port names in
existence), but they could use it to check for specific servers.

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]