Re: Network security manager

[Lars Magne Ingebrigtsen]

There's one slight privacy leak in the security manager.  To keep track
of STARTTLS man-in-the-middle downgrades, nsm needs to store data on all
STARTTLS connections you've made.  A wily hacker (I mean, the NSA) could
use this file to determine what servers you've been talking to.

The ~/.emacs.d/network-security.data will have things like

(:id "sha1:ac7feb949147490ee549b5b6c3ae7edd929ea335" :fingerprint 
"sha1:c0:ec:2f:01:6c:ff:4a:43:c1:a7:c7:83:4b:48:0b:3a:c5:4e:90:f9")

it it, where the :id is the sha1 of "host:port", and the latter is the
fingerprint of the certificate.

The wily hacker (I mean, the NSA) wouldn't find it easy to get a list of
the servers (because they would have to check all servers/port names in
existence), but they could use it to check for specific servers.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no