From: "Perry E. Metzger"
Newsgroups: gmane.emacs.devel
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Tue, 28 Oct 2014 13:11:55 -0400
Message-ID: <20141028131155.07cb1f95@jabberwock.cb.piermont.com>
To: Stefan Monnier
Cc: rms@gnu.org, kurt@roeckx.be, emacs-devel@gnu.org, Florian Weimer, "Stephen J. Turnbull", Rob Browning

On Tue, 28 Oct 2014 12:52:55 -0400 Stefan Monnier wrote:
> > (I'll point out that given that the NSA "Ant Catalog" includes a
> > bunch of BIOS-inserted malware and other load-time infection
> > techniques. Secure booting is actually a priority for ordinary
> > people.
>
> How would secure-booting protect the user against BIOS-inserted
> malware? A Free BIOS would seem to be much more useful/effective
> for that purpose.

It is necessary but not sufficient to have a free software BIOS. You
also need to make it difficult to modify the BIOS without physical
access to the machine (unless the user has put in a particular jumper
and the new BIOS is signed by a key the user trusts or some such.
There are legitimate applications for remote BIOS upgrades, but not
for normal users.)

Note that there are interesting ways to exploit BIOS code even
without replacing it unless one takes great care -- see, for example,
the recent round of UEFI exploits.

However, as you note, we have gotten far afield from the topic.

Perry
-- 
Perry E. Metzger		perry@piermont.com