Re: Network security manager

[Lars Magne Ingebrigtsen]

Ted Zlatanov <address@hidden> writes:

> Generally we could distinguish between POP3 and SMTP and IMAP and such,
> where self-signed certificates are common, and HTTP/S and generic
> connections, where they aren't. Does that seem reasonable?

The default things we warn about may differ per protocol.  For instance,
I don't really think that anybody expects (or cares) whether their SMTP
connections are encrypted, or whether that encryption is based on a
self-signed or expired certificate.  While they certainly do care with
HTTPS, and probably with POP3, I think.

So there will be a range of security actions we can take here, and in
addition, the user should be allowed to have `low', `medium', `high' and
`professional-security-professional', I mean `paranoid', settings.

> I'd add a CLI option --insecure/-k (same as curl) to override the
> default, but no more than that, and without special --batch behavior.

Yes, that might be nice.

> Can you please work against emacs-24? It's easy enough to apply the
> changes to master if that's the final decision and I don't think master
> has anything you need. Except maybe the read-only text property thing
> you added.

This won't need that, and, yes, I'm doing this based on the emacs-24
tree.  I mean, if I said the right thing to git just now.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no