[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network Security Manager merge time?

From: Ted Zlatanov
Subject: Re: Network Security Manager merge time?
Date: Wed, 19 Nov 2014 12:30:25 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Wed, 19 Nov 2014 17:53:07 +0100 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Ted Zlatanov <address@hidden> writes:
>> Does it deprecate `gnutls-verify-error'?  If so, we should note that.

LMI> No, all the boot-time checks are still in there, so if the user wants to
LMI> use the gnutls built-in checking stuff instead of the NSM for some
LMI> reason or other, that's still possible.

I'd rather deprecate it in favor of `nsm-security-level', especially if
you're OK with the ability to set the level per host or subnet, and per
service. The `gnutls-verify-error' checks are all 'medium I think.

(And I'd name or alias that NSM variable to `network-security-level'
because "nsm" means nothing to a new user, assuming NSM will be loaded
by default.)

(Oh, and I'd make `nsm-save-host-names' t by default, because your
worries about information leakage are in the 'high or above security
level IMO :)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]