Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
* Gmane with Gnus first timer
@ 2017-09-27 15:12 Maxim Cournoyer
  2017-09-27 16:04 ` Alberto Luaces
  0 siblings, 1 reply; 6+ messages in thread
From: Maxim Cournoyer @ 2017-09-27 15:12 UTC (permalink / raw)
  To: info-gnus-english

Hello Gnusers!

I've started experimenting with Gmane[1], and it seems very useful for
easily navigating archived mailing lists!

I thought I'd share some of the details for NNTP neophytes like me; I
had the good fortune to be helped on the IRC #gnus channel by
sixbitslacker, who shared important bits of their config as well as
Gmane's X.509 certificate necessary for proper TLS authentication.

* Gnus configuration

The first thing I did was to add a select method to my Gnus
configuration. I already had a `gnus-select-method' defined with my
email server, so I used `gnus-secondary-select-methods' for Gmane:

--8<---------------cut here---------------start------------->8---
;; To be put in your ~/.gnus.el or similar.
(setq gnus-secondary-select-methods
 '((nntp "gmane"
         (nntp-address "news.gmane.org"))))
--8<---------------cut here---------------end--------------->8---

* Gmane TLS certificate

I then started Gnus. I was greeted with a warning that said:

--8<---------------cut here---------------start------------->8---
Certificate information
Issued by:            news.gmane.org
Issued to:            Gmane
Hostname:             news.gmane.org
Public key:           RSA, signature: RSA-SHA1
Protocol:             TLS1.2, key: RSA, cipher: AES-256-GCM, mac: AEAD
Security level:       Low
Valid:                From 2015-01-13 to 2018-01-12


The TLS connection to news.gmane.org:nntp is insecure for the
following reasons:

certificate signer was not found (self-signed)
certificate was signed with an insecure algorithm
the certificate was signed by an unknown and therefore unstrusted authority
certificate could not be verified
--8<---------------cut here---------------end--------------->8---

While we can't do anything about the weak SHA1 signature, we can at
least fix the other warnings by trusting the self-signed certificate
that Gmane is using.

To do so, we must first retrieve the X.509 certificate that Gmane
uses. The OpenSSL package provides a means to do so (credits to
sixbitslacker):

# Speak NNTP on port 119 and upgrade with STARTTLS before dumping the certificate
openssl s_client -starttls nntp -connect news.gmane.org:119

Amongst the output you should find the server certificate, which is:

--8<---------------cut here---------------start------------->8---
-----BEGIN CERTIFICATE-----
[PEM body of the news.gmane.org certificate omitted]
-----END CERTIFICATE-----
--8<---------------cut here---------------end--------------->8---

Save this file somewhere, say, to "~/.gnutls/gmane.pem". Now we must
configure Emacs to trust this certificate. One easy way is to add this
line to your ~/.emacs file:

;; The variable is `gnutls-trustfiles' (a list); expand "~" since GnuTLS won't.
(add-to-list 'gnutls-trustfiles (expand-file-name "~/.gnutls/gmane.pem"))

Another option to make it globally trusted would be to place the
file under /etc/

Eval this line (C-M-x or C-x C-e on that s-exp) and restart Gnus. The
only remaining warning should be the one about the weak SHA1 signature:

When I did, Emacs still complained that the server was deemed insecure
because the "certificate signer was not found (self-signed)". I am not
sure why it persists warning me about a self-signed certificate after
I've explicitly given it my trust, nor do I know why the weak SHA1 issue
is not raised anymore... But anyway, I consider our due diligence done,
so at this point you may choose "Always" when presented the security
prompt.

* Browsing lists with Gmane

You should now be in the plain old *Group* buffer, with nothing new in
it. To actually navigate the mailing lists archived by Gmane, you may
press the '^' key to show a list of the known servers. It should contain
an entry for the newly added news.gmane.org news server, such as:

{nntp:gmane} (opened)

Finally, by clicking (or typing RET) on that gmane entry, you should now
have access to a huge collection of archived mailing lists (31682 at the
time of writing), which can be comfortably browsed in a Gnusy way. You
can also subscribe using 'u', to show some of these in your *Group*
buffer.

* Posting to Gmane

Instead of sending an email with 'm', you can now send an article (the
equivalent in the world of news) with the 'a' key. This long text is my
first attempt at doing so; if you received it, it's because it worked!

Happy hacking,

Maxim

[1]  http://gmane.org




* Re: Gmane with Gnus first timer
  2017-09-27 15:12 Gmane with Gnus first timer Maxim Cournoyer
@ 2017-09-27 16:04 ` Alberto Luaces
  2017-09-27 19:57   ` Maxim Cournoyer
  0 siblings, 1 reply; 6+ messages in thread
From: Alberto Luaces @ 2017-09-27 16:04 UTC (permalink / raw)
  To: info-gnus-english

Maxim Cournoyer writes:

> When I did, Emacs still complained that the server was deemed insecure
> because the "certificate signer was not found (self-signed)". I am not
> sure why it persists warning me about a self-signed certificate after
> I've explicitly given it my trust, nor do I know why the weak SHA1 issue
> is not raised anymore... But anyway, I consider our due diligence done,
> so at this point you may choose "Always" when presented the security
> prompt.

Thanks for the guide and congratulations for your new configuration.

I think all the hassle about the certificate is not worth the pain,
since after all you are downloading it by the same insecure method.

In this case I think it doesn't really matter, since all the lists and
postings are public.

-- 
Alberto




* Re: Gmane with Gnus first timer
  2017-09-27 16:04 ` Alberto Luaces
@ 2017-09-27 19:57   ` Maxim Cournoyer
  2017-09-28 11:26     ` Alberto Luaces
  0 siblings, 1 reply; 6+ messages in thread
From: Maxim Cournoyer @ 2017-09-27 19:57 UTC (permalink / raw)
  To: info-gnus-english

Hello Alberto!

Alberto Luaces <aluaces@udc.es> writes:

> Maxim Cournoyer writes:
>
>> When I did, Emacs still complained that the server was deemed insecure
>> because the "certificate signer was not found (self-signed)". I am not
>> sure why it persists warning me about a self-signed certificate after
>> I've explicitly given it my trust, nor do I know why the weak SHA1 issue
>> is not raised anymore... But anyway, I consider our due diligence done,
>> so at this point you may choose "Always" when presented the security
>> prompt.
>
> Thanks for the guide and congratulations for your new configuration.
>
> I think all the hassle about the certificate is not worth the pain,
> since after all you are downloading it by the same insecure method.

Are you sure the data obtained from news.gmane.org is not funneled
through TLS? And why would Emacs warn about Gmane TLS problems
otherwise? The Gnus manual has this to say about the
`nntp-open-network-stream':

    This is the default, and simply connects to some port or other on the
    remote system. If both Emacs and the server supports it, the connection
    will be upgraded to an encrypted STARTTLS connection automatically.

> In this case I think it doesn't really matter, since all the lists and
> postings are public.

Since it is public, you are correct that it doesn't play a role in
privacy, but it does in making sure that the communication link between
you and the Gmane server is not susceptible to man-in-the-middle
attacks, which is a nice property. In theory Malefoy could otherwise
turn a peaceful discussion into a flame war or whatnot ;).

Maxim

[1]  http://gnus.org/manual/gnus_82.html




* Re: Gmane with Gnus first timer
  2017-09-27 19:57   ` Maxim Cournoyer
@ 2017-09-28 11:26     ` Alberto Luaces
  2017-09-29  2:26       ` Maxim Cournoyer
  0 siblings, 1 reply; 6+ messages in thread
From: Alberto Luaces @ 2017-09-28 11:26 UTC (permalink / raw)
  To: info-gnus-english

Hi Maxim,

Maxim Cournoyer writes:

> Are you sure the data obtained from news.gmane.org is not funneled
> through TLS? And why would Emacs warn about Gmane TLS problems
> otherwise? The Gnus manual has this to say about the
> `nntp-open-network-stream':
>
>     This is the default, and simply connects to some port or other on the
>     remote system. If both Emacs and the server supports it, the connection
>     will be upgraded to an encrypted STARTTLS connection automatically.
>

Yes, you are right in the TLS part, but I was referring to the trust you
are putting into a certificate you have also downloaded in an insecure
way.  The certificate system only works if it is signed by someone you
already trust.  If the certificate is self-signed, the only safe way to
check that it is the valid one would be to exchange fingerprints with
the owner by means of a different secure channel (telephone, USB
exchange...)

Otherwise you can suffer from a man-in-the-middle attack even if the whole
communication is encrypted.

>
>> In this case I think it doesn't really matter, since all the lists and
>> postings are public.
>
> Since it is public, you are correct that it doesn't play a role in
> privacy, but it does in making sure that the communication link between
> you and the Gmane server is not susceptible to man-in-the-middle
> attacks, which is a nice property. In theory Malefoy could otherwise
> turn a peaceful discussion into a flame war or whatnot ;).

Yes, MITM is still possible, as described before.  In this case there is
no solution if you do not have some kind of trust network before (be it
gpg, SSL or something else).

-- 
Alberto




* Re: Gmane with Gnus first timer
  2017-09-28 11:26     ` Alberto Luaces
@ 2017-09-29  2:26       ` Maxim Cournoyer
  2017-09-29  7:43         ` Alberto Luaces
  0 siblings, 1 reply; 6+ messages in thread
From: Maxim Cournoyer @ 2017-09-29  2:26 UTC (permalink / raw)
  To: info-gnus-english

Alberto Luaces <aluaces@udc.es> writes:

> Hi Maxim,
>
> Maxim Cournoyer writes:
>
>> Are you sure the data obtained from news.gmane.org is not funneled
>> through TLS? And why would Emacs warn about Gmane TLS problems
>> otherwise? The Gnus manual has this to say about the
>> `nntp-open-network-stream':
>>
>>     This is the default, and simply connects to some port or other on the
>>     remote system. If both Emacs and the server supports it, the connection
>>     will be upgraded to an encrypted STARTTLS connection automatically.
>>
>
> Yes, you are right in the TLS part, but I was referring to the trust you
> are putting into a certificate you have also downloaded in an insecure
> way.  The certificate system only works if it is signed by someone you
> already trust.  If the certificate is self-signed, the only safe way to
> check that it is the valid one would be to exchange fingerprints with
> the owner by means of a different secure channel (telephone, USB
> exchange...)
>
> Otherwise you can suffer from a man-in-the-middle attack even if the whole
> communication is encrypted.

Good point! I hadn't given much thought about that one. Still, while
flawed, the exercise of trusting the news.gmane.org server is not
totally pointless: if I was lucky enough to retrieve the certificate
at a time before Malefoy compromised the communication, then I'm at least
protected against later attacks.

Thanks for sharing this important limitation. Once Gmane's totally
back, it would be nice if the self-signed certificate were upgraded to a
free Let's Encrypt[1] one.

Maxim

[1]  https://en.wikipedia.org/wiki/Let's_Encrypt
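The fetch-and-trust steps from the first message and the fingerprint point raised above, as an added example that is not part of the thread: a small Python script that pulls the PEM block out of `openssl s_client` output, fingerprints it the way `openssl x509 -sha256 -fingerprint` would, and pins it trust-on-first-use so a later change of certificate is refused. The s_client output, the base64 body and the pin file name are constructed or assumed, not taken from Gmane.

```python
import hashlib
import json
import re
import ssl
from pathlib import Path

# Constructed stand-in for `openssl s_client -starttls nntp -connect news.gmane.org:119`
# output; the base64 body is NOT a real certificate, just bytes to fingerprint.
SAMPLE_S_CLIENT_OUTPUT = """CONNECTED(00000003)
verify error:num=18:self signed certificate
Server certificate
-----BEGIN CERTIFICATE-----
MIIBhTCCAS8CFDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMA==
-----END CERTIFICATE-----
"""
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\r?\n.+?\r?\n-----END CERTIFICATE-----", re.S)

class PinMismatch(Exception):
    """The server presented a certificate other than the pinned one."""

def extract_pem(s_client_output: str) -> str:
    """Return the first PEM block in s_client output, ready to be saved as gmane.pem."""
    match = PEM_RE.search(s_client_output)
    if match is None:
        raise ValueError("no certificate block in s_client output")
    return match.group(0) + "\n"

def fingerprint_sha256(pem: str) -> str:
    """SHA-256 over the DER bytes, colon-separated like `openssl x509 -sha256 -fingerprint`."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))

def check_pin(host: str, pem: str, pins: dict) -> str:
    """Trust on first use: record the fingerprint on first contact, refuse any later change.
    The pin is only as good as that first connection, so compare it with a fingerprint
    obtained out of band (as suggested in the thread) before relying on it."""
    fp = fingerprint_sha256(pem)
    if host not in pins:
        pins[host] = fp
        return "pinned"
    if pins[host] != fp:
        raise PinMismatch(f"{host}: pinned {pins[host]}, server sent {fp}")
    return "match"

if __name__ == "__main__":
    store = Path("gmane-pins.json")  # assumed location of the pin store
    pins = json.loads(store.read_text()) if store.exists() else {}
    pem = extract_pem(SAMPLE_S_CLIENT_OUTPUT)
    print(check_pin("news.gmane.org", pem, pins), fingerprint_sha256(pem))
    store.write_text(json.dumps(pins, indent=2))
```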




* Re: Gmane with Gnus first timer
  2017-09-29  2:26       ` Maxim Cournoyer
@ 2017-09-29  7:43         ` Alberto Luaces
  0 siblings, 0 replies; 6+ messages in thread
From: Alberto Luaces @ 2017-09-29  7:43 UTC (permalink / raw)
  To: info-gnus-english

Maxim Cournoyer writes:

> Alberto Luaces <aluaces@udc.es> writes:
>
>> Hi Maxim,
>>
>> Maxim Cournoyer writes:
>>
>>> Are you sure the data obtained from news.gmane.org is not funneled
>>> through TLS? And why would Emacs warn about Gmane TLS problems
>>> otherwise? The Gnus manual has this to say about the
>>> `nntp-open-network-stream':
>>>
>>>     This is the default, and simply connects to some port or other on the
>>>     remote system. If both Emacs and the server supports it, the connection
>>>     will be upgraded to an encrypted STARTTLS connection automatically.
>>>
>>
>> Yes, you are right in the TLS part, but I was referring to the trust you
>> are putting into a certificate you have also downloaded in an insecure
>> way.  The certificate system only works if it is signed by someone you
>> already trust.  If the certificate is self-signed, the only safe way to
>> check that it is the valid one would be to exchange fingerprints with
>> the owner by means of a different secure channel (telephone, USB
>> exchange...)
>>
>> Otherwise you can suffer from a man-in-the-middle attack even if the whole
>> communication is encrypted.
>
> Good point! I hadn't given much thought about that one. Still, while
> flawed, the exercise of trusting the news.gmane.org server is not
> totally pointless: if I was lucky enough to retrieve the certificate
> at a time before Malefoy compromised the communication, then I'm at least
> protected against later attacks.
>
> Thanks for sharing this important limitation. Once Gmane's totally
> back, it would be nice if the self-signed certificate were upgraded to a
> free Let's Encrypt[1] one.

I fully agree.  With LE, the excuses for not having a proper SSL system
are not valid anymore.

Regards,

-- 
Alberto



