Re: Network security manager

[Lars Magne Ingebrigtsen]

Ted Zlatanov <address@hidden> writes:

> LMI> Sure...  but since there's almost nothing human-readable (or something a
> LMI> machine can transform into something human-readable), I'm not quite sure
> LMI> what it should display...
>
> The list of explicitly saved security exceptions.

But they are per sha1, so it's not really feasible to do anything about
it for a human.

> LMI> I mean, I can see a user wanting to say to Emacs "delete everything you
> LMI> know about me contacting news.gmane.org", but there's no real way to
> LMI> match that up to the entries in the file unless you also know the port
> LMI> number/service name used.
>
> True, but I really don't see the harm in saving those in cleartext.

I don't like the information leakage.

> Like I said, I would use a .gpg file if I was worried about leaking
> that data. With the current approach I think you'll see two problems:

GPG isn't feasible because nobody wants to type passwords.

> 1) cruft will accumulate, since you don't know what's what

Does it matter?

> 2) when servers change names or ports, you don't know what to remove

You don't have to remove anything.  No manual administration should be
necessary.  Unless you want to revoke a security exception.  And then
you might as well just delete the entire file.  It's not like it's a lot
of bother hitting the `a' key a couple times the next time you start
up...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no