From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 05:42:52 +0100
To: Glenn Morris
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org, Ted Zlatanov
In-Reply-To: <3fhamscn9w.fsf@fencepost.gnu.org> (Glenn Morris's message of "Mon, 07 Jan 2013 23:27:23 -0500")

Glenn Morris writes:

> Ah well, ok, thanks for the explanation. It sounds then like it's
> probably better to leave this for trunk rather than try and force it
> into 24.3 at this relatively late stage.

Definitely. Deciding on policies for handling opportunistic STARTTLS upgrades combined with certificate failures has to be decided on, too.

That is, even if the user hasn't requested a TLS connection, Emacs will auto-negotiate a STARTTLS connection now for virtually all protocol types now. If that "fails" because the certificate is self-signed or expired, do we then want to bother the user by prompting for an action? The user hasn't requested encryption and validation, but then this question comes out of the blue?

So, er, someone (ahem) has to go through all the permutations of connection types and failure modes, and write up some stuff.

We should also have certificate management code in there somewhere so that the user may be alerted if a privately signed certificate changes, perhaps...

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/
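
One way to write down the permutations of connection type and certificate failure that the message asks for, as an added example that is not part of the original message and not Emacs code. Every `my-tls-*` name, the pin store, the host and fingerprints, and the chosen actions are assumptions; in particular, continuing unverified without a prompt on an opportunistic upgrade is only one possible answer to the question raised above.

```elisp
;; Added illustration; every name here is hypothetical, not an Emacs API.
(require 'cl-lib)

(defvar my-tls-pins (make-hash-table :test #'equal)
  "Hypothetical pin store: \"host:port\" -> fingerprint accepted earlier.")

(defun my-tls-cert-state (host port fingerprint ca-valid expired)
  "Classify the peer certificate presented by HOST:PORT as one symbol.
FINGERPRINT is the certificate fingerprint; CA-VALID and EXPIRED are
booleans from verification.  Returns `ok', `pin-changed', `expired',
`pinned' or `untrusted'."
  (let ((pin (gethash (format "%s:%d" host port) my-tls-pins)))
    (cond ((and ca-valid (not expired)) 'ok)
          ;; A privately signed certificate accepted earlier has changed.
          ((and pin (not (equal pin fingerprint))) 'pin-changed)
          (expired 'expired)
          (pin 'pinned)            ; same privately signed cert as before
          (t 'untrusted))))        ; self-signed or unknown issuer, never seen

(defun my-tls-decide (mode state)
  "Return the action for connection MODE and certificate STATE.
MODE is `explicit' (the user asked for TLS) or `opportunistic'
(a STARTTLS upgrade the user did not request)."
  (pcase (list mode state)
    (`(,_ ok)            'proceed)
    (`(,_ pinned)        'proceed)
    ;; A changed pin is worth an alert whatever the user requested.
    (`(,_ pin-changed)   'prompt)
    ;; The user asked for validation, so a failure is their decision.
    (`(explicit ,_)      'prompt)
    ;; Assumed policy: no prompt out of the blue; keep the encrypted
    ;; channel but treat the peer as unauthenticated.
    (`(opportunistic ,_) 'proceed-unverified)))

(defun my-tls-policy-table ()
  "Enumerate every MODE x STATE permutation with its action."
  (cl-loop for mode in '(explicit opportunistic)
           append (cl-loop for state in
                           '(ok pinned expired untrusted pin-changed)
                           collect (list mode state
                                         (my-tls-decide mode state)))))

;; Constructed sample: a host whose privately signed certificate was
;; accepted earlier now presents a different fingerprint.
(puthash "mail.example.org:587" "aa:bb" my-tls-pins)
(my-tls-decide 'opportunistic
               (my-tls-cert-state "mail.example.org" 587 "cc:dd" nil nil))
```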