Whenever Emacs establishes any network connection, it passes the established connection to the Network Security Manager (NSM). NSM is responsible for enforcing the network security under your control. Currently, this works by using the Transport Layer Security (TLS) features.
The network-security-level variable determines the security level that NSM enforces. If its value is low, no security checks are performed.
If this variable is medium (which is the default), a number of checks will be performed. If, as a result, NSM determines that the network connection might not be trustworthy, it will make you aware of that, and will ask you what to do about the network connection.
You can decide to register a permanent security exception for an unverified connection, a temporary exception, or refuse the connection entirely.
Below is a list of the checks done on the medium level.
While an invalid certificate is often the cause for concern (there
could be a Man-in-the-Middle hijacking your network connection and
stealing your password), there may be valid reasons for going ahead
with the connection anyway. For instance, the server may be using a
self-signed certificate, or the certificate may have expired. It's up
to you to determine whether it's acceptable to continue with the
connection.
If network-security-level is high, the following checks will be made, in addition to the above:
Finally, if network-security-level is paranoid, you will also be notified the first time NSM sees any new certificate. This will allow you to inspect all the certificates from all the connections that Emacs makes.
The following additional variables can be used to control details of NSM operation:
nsm-settings-file
nsm-save-host-names
STARTTLS connections. Instead a host/port hash is used to identify connections. This means that one can't casually read the settings file to see what servers the user has connected to. If this variable is t, NSM will also save host names in the nsm-settings-file.
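
The following init-file fragment is an added example, not part of the Emacs manual or of Emacs itself. It sets the variables described above and audits a settings file for saved exceptions that carry host names. The my-nsm- function names are hypothetical, and the file layout (one Lisp list of property lists, with a :host property on entries that store a name) is an assumption.

```elisp
;;; Added example; `my-nsm-' names are hypothetical, not part of Emacs.
(require 'nsm)      ; defines the three NSM variables used below
(require 'cl-lib)

;; Weak setting, shown for contrast: no security checks are performed.
;; (setq network-security-level 'low)

;; Stricter setting: the `medium' checks plus the additional `high' checks.
(setq network-security-level 'high)

;; Keep host names out of the settings file; only host/port hashes are stored.
(setq nsm-save-host-names nil)

(defun my-nsm-read-settings (file)
  "Return the list of saved exceptions in FILE, or nil if it cannot be read.
Assumption: FILE holds a single Lisp list of property lists."
  (when (file-readable-p file)
    (with-temp-buffer
      (insert-file-contents file)
      (let ((data (condition-case nil (read (current-buffer)) (error nil))))
        (and (listp data) data)))))

(defun my-nsm-audit (&optional file)
  "Summarize the NSM configuration and the exceptions saved in FILE.
FILE defaults to `nsm-settings-file'.  Assumption: an entry that stores
a host name carries a `:host' property."
  (let* ((file (or file nsm-settings-file))
         (entries (my-nsm-read-settings file)))
    (list :level network-security-level
          :save-host-names nsm-save-host-names
          :file file
          :exceptions (length entries)
          :with-host-names
          (cl-count-if (lambda (e) (plist-get e :host)) entries))))

;; Constructed sample, not a real settings file: one entry identified only
;; by a hash, one that also records a host name.
(let ((sample (make-temp-file "nsm-sample")))
  (with-temp-file sample
    (prin1 '((:id "sha1:PLACEHOLDER-1")
             (:id "sha1:PLACEHOLDER-2" :host "mail.example.org:993"))
           (current-buffer)))
  (prog1 (my-nsm-audit sample)
    (delete-file sample)))
```

Calling (my-nsm-audit) with no argument inspects the file named by nsm-settings-file; a non-zero :with-host-names count means the file can be read to learn which servers were contacted.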