[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network security manager

From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 17:15:09 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> LMI> Sure...  but since there's almost nothing human-readable (or something a
> LMI> machine can transform into something human-readable), I'm not quite sure
> LMI> what it should display...
> The list of explicitly saved security exceptions.

But they are per sha1, so it's not really feasible to do anything about
it for a human.

> LMI> I mean, I can see a user wanting to say to Emacs "delete everything you
> LMI> know about me contacting news.gmane.org", but there's no real way to
> LMI> match that up to the entries in the file unless you also know the port
> LMI> number/service name used.
> True, but I really don't see the harm in saving those in cleartext.

I don't like the information leakage.

> Like I said, I would use a .gpg file if I was worried about leaking
> that data. With the current approach I think you'll see two problems:

GPG isn't feasible because nobody wants to type passwords.

> 1) cruft will accumulate, since you don't know what's what

Does it matter?

> 2) when servers change names or ports, you don't know what to remove

You don't have to remove anything.  No manual administration should be
necessary.  Unless you want to revoke a security exception.  And then
you might as well just delete the entire file.  It's not like it's a lot
of bother hitting the `a' key a couple times the next time you start

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]