Re: Network security manager
From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Wed, 19 Nov 2014 15:35:35 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)

Toke Høiland-Jørgensen <address@hidden> writes:
> Once the fingerprint is stored, though, it fails in weird ways. I tried
> manually modifying the fingerprint in the network-security.data file (to
> make verification fail). This elicits this behaviour:
>
> - On security levels high and paranoid, verification just fails silently
> (open-network-stream returns nil), with no option to update the stored
> fingerprint.
I edited a fingerprint, set the level to `high', and then reconnected.
It notified me that it had changed, and then returned the process. So I
seem to be unable to reproduce this.

This is my test case:

(setq process
      (open-network-stream
       "nntpd" (get-buffer-create "*nntp*") "google.com" "https"
       :type 'tls))

> - On security levels low and medium, verification *succeeds*, even
> though a fingerprint is stored that does not match the certificate.
>
> I would consider especially the second point to be a big no-no; even if
> the security level is subsequently lowered, having a stored fingerprint
> should take precedence and fail the verification. Maybe the "continue
> anyway" could cause the stored fingerprint to be removed, but just
> continuing regardless is bad IMO.
No, I think that's the correct behaviour. If you want `medium' security,
you only care about whether the certificate is valid or not. And the
google.com certificate is valid, even though it changed.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no