9front - general discussion about 9front
From: Anthony Martin <ality@pbrane.org>
To: 9front@9front.org
Subject: [9front] Re: "Insecure" icon in gmail
Date: Wed, 15 May 2024 18:23:05 -0700
Message-ID: <ZkVf-SR5UY4LSuYI@alice>
In-Reply-To: <4C1B6B746BF77B2F88319BBFCBFEB08C@driusan.net>

Dave MacFarlane <driusan@driusan.net> once said:
> 1. Am I missing something obvious?

Nope. The thumbprint(6) style PKI system is simpler but more
tedious compared to the certificate authority system if you're
interacting with a lot of foreign servers that you don't personally
trust but still want to set up a "secure" channel with them. You
have to go with something like the CA system for third party
verification or raw dog it with a trust on first use policy.

> 2. Is there a better way to do this?

Not currently. Note that webfs, ftpfs, aux/wpa, dns over tls, and
probably others do not bother checking the validity of a server's
certificate. This is not ideal. No one has done the work. Alas.

> 3. Would it make sense to add a flag to use starttls but not
> validate certificates for upas/smtp?

Perhaps. But it would still be "insecure" even if the Google borg
doesn't show the super serious (see, it's even colored red) flag
on your messages.

Cheers,
  Anthony
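
The three policies this message contrasts (a pre-shared thumbprint list, trust on first use, and skipping validation), as an added Python example that is not part of the original email or of 9front code. The PinStore class, host name and certificate bytes are constructed for illustration, and the thumbprint is a plain SHA-256 of the bytes, not the thumbprint(6) file format.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
HOST = "mail.example.org"
CERT_A = b"constructed-der-bytes-of-the-real-server"
CERT_B = b"constructed-der-bytes-of-some-other-endpoint"


def thumbprint(der: bytes) -> str:
    """Hex SHA-256 digest of the certificate bytes."""
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Hypothetical in-memory map of host -> expected thumbprint."""

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    def check_pinned(self, host: str, der: bytes) -> str:
        """Thumbprint-list policy: only certificates pinned in advance pass."""
        want = self.pins.get(host)
        if want is None:
            return "reject-unknown"
        return "ok" if want == thumbprint(der) else "reject-mismatch"

    def check_tofu(self, host: str, der: bytes) -> str:
        """Trust on first use: pin the first certificate seen, then require it."""
        if host not in self.pins:
            self.pins[host] = thumbprint(der)
            return "pinned-on-first-use"
        return self.check_pinned(host, der)


def check_unvalidated(host: str, der: bytes) -> str:
    """Encrypt-only policy: the channel is set up with whoever answers."""
    return "ok"


if __name__ == "__main__":
    strict = PinStore({HOST: thumbprint(CERT_A)})
    print("pinned, real cert:  ", strict.check_pinned(HOST, CERT_A))
    print("pinned, other cert: ", strict.check_pinned(HOST, CERT_B))
    tofu = PinStore()
    # If the first contact is with the wrong endpoint, TOFU pins that one.
    print("tofu, first contact:", tofu.check_tofu(HOST, CERT_B))
    print("tofu, real cert:    ", tofu.check_tofu(HOST, CERT_A))
    print("unvalidated:        ", check_unvalidated(HOST, CERT_B))
```

The pinned list rejects every host it has no entry for, which is the tedium described above; the unvalidated check accepts both certificates, so it gives encryption without any assurance of who is on the other end.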

Thread overview: 11+ messages
2024-05-15 21:21 [9front] " Dave MacFarlane
2024-05-15 21:28 ` Stanley Lieber
2024-05-16  1:23 ` Anthony Martin [this message]
2024-05-16  1:39   ` [9front] " Kurt H Maier
2024-05-16  2:06   ` Dave MacFarlane
2024-05-16  2:51     ` Anthony Martin
2024-05-16 10:27 ` [9front] " cinap_lenrek
2024-05-16 11:01   ` sirjofri
2024-05-18 18:45     ` ori
2024-05-18 20:12       ` hiro
2024-05-18 22:27         ` sirjofri
