[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Additional network security
From: |
Lars Magne Ingebrigtsen |
Subject: |
Re: Additional network security |
Date: |
Sun, 07 Dec 2014 17:41:06 +0100 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) |
Ted Zlatanov <address@hidden> writes:
> Given this precedent, I think it would make sense to offer some
> fine-grained control over NSM checks as well, similar to
> `gnutls-verify-error' as I mentioned. We've gone Lispy with the NSM
> configuration, but if we were consistent with the GnuTLS approach, the
> NSM tuning would be simply a string like "paranoid:-crazy" (paranoid but
> not crazy, heh heh). This is still possible:
>
> * map a symbol to its symbol-name
> * parse NSM security levels like GnuTLS priority strings
> * allow setting these strings per host regex
> * PROFIT
>
> WDYT?
I think we should require 100 users demanding this before we implement
it. :-)
But as for the defaults, do you agree with putting RC4, SSL<TLS1.0 and
low bits on `high'?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- Additional network security, Lars Magne Ingebrigtsen, 2014/12/05
- Re: Additional network security, Stefan Monnier, 2014/12/05
- Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/06
- Re: Additional network security, Stefan Monnier, 2014/12/06
- Re: Additional network security, Stephen J. Turnbull, 2014/12/07
- Re: Additional network security, Ted Zlatanov, 2014/12/07
- Re: Additional network security,
Lars Magne Ingebrigtsen <=
- Re: Additional network security, Ted Zlatanov, 2014/12/07
- Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/07
- Re: Additional network security, Ted Zlatanov, 2014/12/07
- Re: Additional network security, chad, 2014/12/07
- Re: Additional network security, Reiner Steib, 2014/12/18
- Re: Additional network security, Ted Zlatanov, 2014/12/20
- Re: Additional network security, Stephen J. Turnbull, 2014/12/07
- Re: Additional network security, Richard Stallman, 2014/12/07
- Re: Additional network security, Ted Zlatanov, 2014/12/08
- Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/08