Re: A couple of questions and concerns about Emacs network security

[Jimmy Yuen Ho Wong]

On Sun, Jul 8, 2018 at 3:55 PM Eli Zaretskii <address@hidden> wrote:
>
> > From: Lars Ingebrigtsen <address@hidden>
> > Date: Sun, 08 Jul 2018 16:06:39 +0200
> > Cc: Emacs-Devel devel <address@hidden>
> >
> > But, yes, as Eli says, `paranoid' should perhaps do more for non-TLS
> > connections.  The question is "what", though, because there's no
> > fingerprint (beyond the host/port number) that we can use to verify
> > that a non-TLS connection is to a previously seen host.
>
> We could look at the browsers for inspiration, perhaps?
>

Browsers have only 1 security level, and shows a green padlock on the
address bar for HTTPS, and no padlock for cleartext connection.
There's no warning whatsoever. If you want to do the padlock think,
you might want to do it in EWW and all those Email/Newsgroup packages
instead of NSM.