From: "Perry E. Metzger"
To: Florian Weimer
Cc: emacs-devel@gnu.org, rms@gnu.org, Rob Browning, kurt@roeckx.be
Newsgroups: gmane.emacs.devel
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Thu, 23 Oct 2014 15:42:23 -0400
Message-ID: <20141023154223.45f2c9eb@jabberwock.cb.piermont.com>

On Thu, 23 Oct 2014 20:59:56 +0200 Florian Weimer wrote:
> * Perry E. Metzger:
>
> > On Thu, 23 Oct 2014 20:43:32 +0200 Florian Weimer
> >
> >> Keep in mind that TLS 1.0 basically has the same problem as SSL
> >> 3.0, and support for protocols beyond TLS 1.0 is not actually
> >> widespread.
> >
> > Connections to most of the top sites are TLS 1.2 at this point.
> > Google is TLS 1.2. Facebook is TLS 1.2. Amazon is TLS 1.2. Apple
> > is TLS 1.2. I could go on and on.
>
> Many IMAP servers running on free software still use OpenSSL 1.0.0
> or even OpenSSL 0.9.8, which do not support TLS 1.2.
> Interoperability with those should be our priority, not the
> proprietary services you listed.

Free software has supported TLS 1.2 for a long time.
What you're claiming is that you know of loads of people who have
failed to upgrade their software -- but it is of course easy to
upgrade if you run free software, because nothing prevents you from
getting updated packages. Yes, the OLD versions of the packages don't
support TLS 1.2, but the new packages are readily available.

Anyway, this attitude is why the NSA has such an easy time spying on
the world. "We can't afford to have security, people might get
inconvenienced for the length of time needed to upgrade their
systems." The intelligence agencies thank you for your inadvertent
assistance in assuring that various kinds of downgrade, padding and
other attacks will remain feasible for years to come.

Perry
-- 
Perry E. Metzger		perry@piermont.com