Hi Maxim, Maxim Cournoyer writes:
> Are you sure the data obtained from news.gmane.org is not funneled > through TLS? And why would Emacs warn about Gmane TLS problems > otherwise? The Gnus manual has this to say about the > `nntp-open-network-stream': > > This is the default, and simply connects to some port or other on the > remote system. If both Emacs and the server supports it, the connection > will be upgraded to an encrypted STARTTLS connection automatically. > Yes, you are right in the TLS part, but I was referring to the trust you are putting into a certificate you have also downloaded in an insecure way. The certificate system only works if it is signed by someone you already trust. If the certificate is self-signed, the only safe way to check that it is the valid one would be to exchange fingerprints with the owner by means of a different secure channel (telephone, USB exchange...) Otherwise you can suffer from a man-in-the-middle attack even the whole communication is encrypted. > >> In this case I think it doesn't really matter, since all the lists and >> postings are public. > > Since it is public, you are correct that it doesn't play a role in > privacy, but it does in making sure that the communication link between > you and the Gmane server is not susceptible to man-in-the-middle > attacks, which is a nice property. In theory Malefoy could otherwise > turn a peaceful discussion into a flame war or whatnot ;). Yes, MITM is still possible, as described before. In this case there is no solution if you do not have some kind of trust network before (being it gpg, SSL or something else). -- Alberto _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english
