From: Eli Zaretskii
To: Stephen Berman
Cc: rpluim@gmail.com, emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Fri, 06 Jul 2018 15:41:30 +0300

> From: Stephen Berman
> Cc: Robert Pluim, emacs-devel@gnu.org
> Date: Fri, 06 Jul 2018 11:45:17 +0200
>
> After setting gnutls-min-prime-bits to 1024 I no longer get this
> warning.
>
> Given this, it seems reasonable to conclude that most Emacs users who
> continue to use the current default setting are aware of the risk, and
> those who have changed it haven't experienced a problem worth reporting.
> Therefore, changing the default at this time is not likely to cause a
> problem for most long-time users, and will be safer for all new users,
> and most likely unproblematic for them (and if it is a problem, then
> they will know the trade-off).

Thanks, but I don't see how we can deduce "most" from any such reports. And the users who have made such a setting don't need the defaults to change anyway.

Not that "most" counts here, anyway: the whole point of prolonged testing of modified defaults is to uncover those rare use cases where the new values do some harm, and see whether we need to augment the new settings with something. I see no way around that, sorry, not when a feature as basic as network connections is concerned.