[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Additional network security

From: Lars Magne Ingebrigtsen
Subject: Re: Additional network security
Date: Sun, 07 Dec 2014 17:41:06 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> Given this precedent, I think it would make sense to offer some
> fine-grained control over NSM checks as well, similar to
> `gnutls-verify-error' as I mentioned.  We've gone Lispy with the NSM
> configuration, but if we were consistent with the GnuTLS approach, the
> NSM tuning would be simply a string like "paranoid:-crazy" (paranoid but
> not crazy, heh heh).  This is still possible:
> * map a symbol to its symbol-name
> * parse NSM security levels like GnuTLS priority strings
> * allow setting these strings per host regex

I think we should require 100 users demanding this before we implement
it.  :-)

But as for the defaults, do you agree with putting RC4, SSL<TLS1.0 and
low bits on `high'?  

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]