From: Ivan Shmakov
To: 19284@debbugs.gnu.org
Newsgroups: gmane.emacs.bugs
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
Date: Tue, 29 Dec 2015 19:25:48 +0000
Message-ID: <87y4cdvyyr.fsf@violet.siamics.net>
In-Reply-To: <87k2ny1b8a.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 28 Dec 2015 17:04:21 -0500")

>>>>> Ted Zlatanov writes:
>>>>> On Sat, 26 Dec 2015 22:15:45 +0100 Lars Ingebrigtsen wrote:

>> As Stefan said in a different report -- perhaps we should just
>> require Emacs with built-in TLS support if you want to use TLS.
>> That would essentially mean that we should just remove tls.el and
>> starttls.el.

>> Alternatively we could, in Emacs 25.1, just remove the --insecure
>> settings

FWIW, I tend to support this option.

>> and let people who try to connect to their IMAP server just fail
>> somewhat mysteriously (it's very common to have self-signed certs
>> for IMAP).

I see little value in self-signed certificates in general,
especially given that there has for a long time been a
community-driven CA that offers X.509 certificates free of charge.

Sure, for a small group, and assuming typical “desktop” TLS
clients, self-signed certificates can be used to implement a
public key dissemination model akin to that typical of SSH.
However, I’ve seen them being used on MXes facing the world
(say, the MX that serves bugs.debian.org), and I fail to see any
point whatsoever in that.

> I am in favor of either option and I think the first is cleaner.
> There will be a small but vocal group that wants to use the external
> tunnel utility.

… Or there will be a group with a small number of its members
being vocal; the difference may not be that easy to tell.

Of note is that Gnus’ nnimap method has its own “tunnel utility”
support, which I use to interface with the local IMAP server (below),
and which (I suppose) could be used in place of tls.el.

    (nnimap-stream shell)
    (nnimap-shell-program "MAIL=maildir:\"$HOME\"/Maildir imapd")

That said, the lack of possibility to use something similar for
non-nnimap connections is not something I’d appreciate.

I’ve sure seen external utility support in other software, too.
Check the OpenSSH client’s ProxyCommand option, for instance.

> I think the benefit to the rest of the users will be worth it, and
> that group can have an ELPA package to support them.

As long as the hooks are in place to route the requests via that
package, I have no (strong) objections to the move.  But given
that tls.el is about 300 LoC in total, and hardly incurs a high
maintenance cost, I don’t see much value in the move, either.

-- 
FSF associate member #7257  http://am-1.org/~ivan/  … 3013 B6A0 230E 334A
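
Added example, not part of the original message and not Emacs or tls.el code: the SSH-like key dissemination model mentioned above for self-signed certificates, in Python. CA validation is skipped, as with --insecure, but exactly one pinned certificate per host is accepted afterwards. PinStore, pinned_connect, the host name and the byte strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

class PinMismatch(Exception):
    """Server certificate differs from the one pinned for this host."""

class PinStore:
    """Hypothetical in-memory analogue of SSH's known_hosts file."""
    def __init__(self):
        self._pins = {}  # (host, port) -> SHA-256 hex digest of the DER certificate

    def check(self, host, port, der_cert, accept_new=False):
        """Return 'new' or 'match'; raise on an unknown or changed certificate."""
        key = (host.lower(), port)
        seen = hashlib.sha256(der_cert).hexdigest()
        known = self._pins.get(key)
        if known is None:
            if not accept_new:
                raise LookupError(f"no pin for {host}:{port}; fingerprint {seen}")
            self._pins[key] = seen  # first contact, confirmed out of band by the user
            return "new"
        if not hmac.compare_digest(known, seen):
            raise PinMismatch(f"{host}:{port} presented {seen}, pinned {known}")
        return "match"

def pinned_connect(store, host, port, accept_new=False):
    """Open a TLS socket that skips CA validation but enforces the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no CA check; the pin below is the only trust anchor
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    try:
        store.check(host, port, sock.getpeercert(binary_form=True), accept_new)
    except Exception:
        sock.close()
        raise
    return sock

def demo():
    """Offline run; the byte strings are constructed stand-ins for DER certificates."""
    store, host = PinStore(), "imap.example.org"
    results = [store.check(host, 993, b"constructed-cert-A", accept_new=True),
               store.check(host.upper(), 993, b"constructed-cert-A")]
    try:
        store.check(host, 993, b"constructed-cert-B")
    except PinMismatch:
        results.append("rejected")
    return results
```
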