From: Ted Zlatanov
Newsgroups: gmane.emacs.bugs
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 09:43:22 -0500
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <871udvhh11.fsf@lifelogs.com>
References: <87mwwlz43m.fsf@Black.ICE> <3fhamscn9w.fsf@fencepost.gnu.org>
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org
To: Lars Magne Ingebrigtsen

On Tue, 08 Jan 2013 05:42:52 +0100 Lars Magne Ingebrigtsen wrote:

LMI> Glenn Morris writes:

>> Ah well, ok, thanks for the explanation. It sounds then like it's
>> probably better to leave this for trunk rather than try and force it
>> into 24.3 at this relatively late stage.

LMI> Definitely.

LMI> Deciding on policies for handling opportunistic STARTTLS upgrades
LMI> combined with certificate failures has to be decided on, too.

LMI> That is, even if the user hasn't requested a TLS connection, Emacs will
LMI> auto-negotiate a STARTTLS connection now for virtually all protocol
LMI> types now. If that "fails" because the certificate is self-signed or
LMI> expired, do we then want to bother the user by prompting for an action?
LMI> The user hasn't requested encryption and validation, but then this
LMI> question comes out of the blue?

LMI> So, er, someone (ahem) has to go through all the permutations of
LMI> connection types and failure modes, and write up some stuff. We should
LMI> also have certificate management code in there somewhere so that the
LMI> user may be alerted if a privately signed certificate changes,
LMI> perhaps...

I propose to set up a verification list with the following format:

#+begin_src lisp
((".*\\.gmail.com" . (:verify-hostname-error t :verify-error t))
 (".*\\.yahoo.com" . t) ; everything
 (".*" . nil)) ; nothing
#+end_src

It should default to nil (in other words, we'll ship 24.3 with the same
insecure behavior it has right now). But we can recommend to users that
they turn it on, and see how well it works in practice, and write the
necessary prompts and customization logic that Lars outlined.
I think that's OK for 24.3 since it's a completely unobtrusive change that
opens the road for improvements. The main reason I didn't turn cert and
hostname verification on sooner is that I wasn't certain that our knowledge
of platform CA store filenames and general logic were good enough. But it
was always the long-term plan, and I'm glad Oleksii brought it up.

Thanks
Ted
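The list format proposed in the message, consulted for a given host. This is an added example, not code from the bug thread or from Emacs itself; the `my-gnutls-` names, the expansion of a bare `t` into the two named checks, and the sample hostnames are all mine.

```elisp
;; Added example: a lookup over the proposed verification list.  The first
;; entry whose regexp matches the host wins, so specific patterns must come
;; before the catch-all ".*".  T means enforce every check, NIL means enforce
;; none, and a plist names the individual checks to enforce.
(require 'cl-lib)

(defconst my-gnutls-all-checks '(:verify-hostname-error t :verify-error t)
  "The checks that a bare T stands for (hypothetical expansion).")

(defvar my-gnutls-verify-list
  '((".*\\.gmail.com" . (:verify-hostname-error t :verify-error t))
    (".*\\.yahoo.com" . t)  ; everything
    (".*" . nil))           ; nothing
  "Constructed sample list in the format proposed in the thread.")

(defun my-gnutls-verify-settings (host)
  "Return the verification plist for HOST, or nil when nothing is checked.
Matching is case-insensitive, since hostnames are."
  (let ((case-fold-search t))
    (cl-loop for (regexp . setting) in my-gnutls-verify-list
             when (string-match-p regexp host)
             return (cond ((eq setting t) my-gnutls-all-checks)
                          (t setting)))))   ; nil or an explicit plist

(defun my-gnutls-check-fatal-p (host check)
  "Non-nil if CHECK (a keyword such as :verify-error) is enforced for HOST."
  (and (plist-get (my-gnutls-verify-settings host) check) t))

;; Constructed checks against the sample list above.
(cl-assert (equal (my-gnutls-verify-settings "imap.gmail.com")
                  '(:verify-hostname-error t :verify-error t)))
(cl-assert (my-gnutls-check-fatal-p "SMTP.Yahoo.COM" :verify-hostname-error))
;; The catch-all entry: no check is fatal, which matches the 24.3 default.
(cl-assert (null (my-gnutls-verify-settings "mail.example.org")))
(cl-assert (not (my-gnutls-check-fatal-p "mail.example.org" :verify-error)))
```

Note that the proposal's regexps are unanchored, so an entry such as `".*\\.gmail.com"` also matches any longer hostname that merely contains that string; anchoring the patterns (for example with `\\'`) keeps each entry's settings from applying to hosts it was not written for.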