From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/18730 Path: news.gmane.org!.POSTED!not-for-mail From: Maxim Cournoyer Newsgroups: gmane.emacs.gnus.user Subject: Re: Gmane with Gnus first timer Date: Wed, 27 Sep 2017 15:57:35 -0400 Message-ID: <87k20j3oeo.fsf@gmail.com> References: <877ewk41ll.fsf@gmail.com> <874lrounzu.fsf@eps142.cdf.udc.es> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Trace: blaine.gmane.org 1506542407 892 195.159.176.226 (27 Sep 2017 20:00:07 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 27 Sep 2017 20:00:07 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) To: info-gnus-english@gnu.org Original-X-From: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org Wed Sep 27 22:00:03 2017 Return-path: Envelope-to: gegu-info-gnus-english@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dxIUx-0008Gc-S3 for gegu-info-gnus-english@m.gmane.org; Wed, 27 Sep 2017 21:59:59 +0200 Original-Received: from localhost ([::1]:56160 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxIV5-0000Qw-80 for gegu-info-gnus-english@m.gmane.org; Wed, 27 Sep 2017 16:00:07 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47800) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxIT7-0007D6-2q for info-gnus-english@gnu.org; Wed, 27 Sep 2017 15:58:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dxIT2-0007c9-Is for info-gnus-english@gnu.org; Wed, 27 Sep 2017 15:58:05 -0400 Original-Received: from [195.159.176.226] (port=58881 helo=blaine.gmane.org) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dxIT2-0007ba-CP for info-gnus-english@gnu.org; Wed, 27 Sep 2017 15:58:00 -0400 Original-Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1dxISh-000802-Ty for info-gnus-english@gnu.org; Wed, 27 Sep 2017 21:57:39 +0200 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 40 Original-X-Complaints-To: usenet@blaine.gmane.org Cancel-Lock: sha1:Fuq/8zbYZbMmlzd2YP70QHMwD4g= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 195.159.176.226 X-BeenThere: info-gnus-english@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Announcements and discussions for GNUS, the GNU Emacs Usenet newsreader \(in English\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: info-gnus-english-bounces+gegu-info-gnus-english=m.gmane.org@gnu.org Original-Sender: "info-gnus-english" Xref: news.gmane.org gmane.emacs.gnus.user:18730 Archived-At: Hello Alberto! Alberto Luaces writes: > Maxim Cournoyer writes: > >> When I did, Emacs still complained that the server was deemed insecure >> because the "certificate signer was not found (self-signed)". I am not >> sure why it persists warning me about a self-signed certificate after >> I've explicitly given it my trust, nor do I know why the weak SHA1 issue >> is not raised anymore... But anyway, I consider our due diligence done, >> so at this point you may choose "Always" when presented the security >> prompt. > > Thanks for the guide and congratulations for your new configuration. > > I think all the hassle about the certificate is not worth the pain, > since after all you are downloading it by the same insecure method. Are you sure the data obtained from news.gmane.org is not funneled through TLS? And why would Emacs warn about Gmane TLS problems otherwise? The Gnus manual has this to say about the `nntp-open-network-stream': This is the default, and simply connects to some port or other on the remote system. If both Emacs and the server supports it, the connection will be upgraded to an encrypted STARTTLS connection automatically. > In this case I think it doesn't really matter, since all the lists and > postings are public. Since it is public, you are correct that it doesn't play a role in privacy, but it does in making sure that the communication link between you and the Gmane server is not susceptible to man-in-the-middle attacks, which is a nice property. In theory Malefoy could otherwise turn a peaceful discussion into a flame war or whatnot ;). Maxim [1] http://gnus.org/manual/gnus_82.html