Re: Network security manager

From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 23:13:29 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)

Toke Høiland-Jørgensen <address@hidden> writes:

> Lars Magne Ingebrigtsen <address@hidden> writes:
>>> I just tried running the thing; it does ask for verification when
>>> connecting to news.gwene.org, but I can't get it to ask to trust a
>>> fingerprint when connecting to my mail server (which has a cert that
>>> otherwise verifies)?
>> If the certificate is valid, then nothing is queried.
> Well I'd like to request that feature, please. This is the idea behind
> TOFU: Only connect if the cert is in the database, whether it is
> otherwise valid or not...

Then I misunderstood TOFU -- I thought it was about certificate
pinning.  The first time you connect, you don't have much to compare it
against, so it seemed superfluous to query the user about it.

And that's going to be a *lot* of querying if you're using Emacs to
browse the web.

But I can move the present pinning code down to `high', and then add
"query on first usage" on `paranoid'?

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
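
The two behaviours discussed in this message, side by side, as an added sketch (not NSM's code and not part of the original message). It assumes `high` pins a valid certificate silently on first contact and `paranoid` queries on first contact even when the certificate verifies; the host name, certificate bytes and the use of SHA-256 fingerprints are constructed for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes (assumed fingerprint format)."""
    return hashlib.sha256(cert_der).hexdigest()

class PinStore:
    """Hypothetical model of the two levels proposed in the message."""

    def __init__(self):
        self.pins = {}  # host -> fingerprint the user (or `high`) stored

    def accept(self, host: str, cert_der: bytes) -> None:
        """Record the fingerprint after the user answered the query with yes."""
        self.pins[host] = fingerprint(cert_der)

    def check(self, level: str, host: str, cert_der: bytes, chain_valid: bool) -> str:
        """Return 'connect' or 'query' for one connection attempt."""
        if level not in ("high", "paranoid"):
            raise ValueError("level must be 'high' or 'paranoid'")
        fp = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is not None:
            # Known host: only the stored fingerprint matters, whether the
            # chain verifies or not. A changed certificate always queries.
            return "connect" if pinned == fp else "query"
        if chain_valid and level == "high":
            # Pinning: nothing to compare against yet, so store silently.
            self.pins[host] = fp
            return "connect"
        # First contact at `paranoid`, or an invalid chain at either level.
        return "query"

def demo() -> dict:
    """First connect, reconnect, then a changed certificate, per level."""
    host = "mail.example.org"                            # constructed
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    out = {}
    for level in ("high", "paranoid"):
        store, actions = PinStore(), []
        first = store.check(level, host, cert_a, True)
        actions.append(first)
        if first == "query":
            store.accept(host, cert_a)                   # user says yes
        actions.append(store.check(level, host, cert_a, True))
        actions.append(store.check(level, host, cert_b, True))
        out[level] = actions
    return out

if __name__ == "__main__":
    print(demo())
```

Both levels query when a pinned host presents a different certificate; they differ only on the first contact with a certificate that verifies.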
