From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: A couple of questions and concerns about Emacs network security Date: Thu, 05 Jul 2018 16:49:30 +0300 Message-ID: <83wou9n66t.fsf@gnu.org> References: <20180705093346.071e6970@jabberwock.cb.piermont.com> NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1530798571 29224 195.159.176.226 (5 Jul 2018 13:49:31 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 5 Jul 2018 13:49:31 +0000 (UTC) Cc: larsi@gnus.org, eggert@cs.ucla.edu, wyuenho@gmail.com, emacs-devel@gnu.org To: "Perry E. Metzger" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Jul 05 15:49:27 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fb4dS-0007S7-8y for ged-emacs-devel@m.gmane.org; Thu, 05 Jul 2018 15:49:26 +0200 Original-Received: from localhost ([::1]:52920 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fb4fZ-0006s2-CF for ged-emacs-devel@m.gmane.org; Thu, 05 Jul 2018 09:51:37 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51689) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fb4db-0006C8-Bc for emacs-devel@gnu.org; Thu, 05 Jul 2018 09:49:36 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fb4dY-0002wZ-7m for emacs-devel@gnu.org; Thu, 05 Jul 2018 09:49:35 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57592) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fb4dY-0002w7-4Z; Thu, 05 Jul 2018 09:49:32 -0400 Original-Received: from [176.228.60.248] (port=2909 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1fb4dX-0000Hr-ID; Thu, 05 Jul 2018 09:49:31 -0400 In-reply-to: <20180705093346.071e6970@jabberwock.cb.piermont.com> (perry@piermont.com) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:226951 Archived-At: > Date: Thu, 5 Jul 2018 09:33:46 -0400 > From: "Perry E. Metzger" > Cc: Paul Eggert , Jimmy Yuen Ho Wong , > emacs-devel@gnu.org > > Pinning is what is done by sites like gmail to prevent third world > dictatorships from using stolen certificate credentials to spy on > their citizens. People who have been victims of this have had their > email read, been arrested by state security forces for dissent, and > have been tortured to death for lack of certificate pinning working > in their browsers. > > This is a matter of life and death for many people. > > > do this via ELPA, I think. Whether it's worth doing is another > > issue; I think the jury is still out on that one... > > Do you think it's worth keeping people from quite literally being > tortured to death? > > For most of the secure HTTP stuff we've been discussing, I would far > rather be inconvenienced here and there than know my slight extra > convenience was being paid for in human blood. It isn't the Emacs way to second-guess our users' needs, definitely not to decide for them what is and what isn't a matter of life and death for them. We provide options with some reasonable defaults, and then let users make informed decisions which defaults are not good enough for them. It is IMO unreasonable to make our defaults match what happens in dictatorships that you describe, because that would unnecessarily inconvenience the majority of the users. Let's not follow the bad example of the TSA (whose rationale is, unsurprisingly, also matters of life and death).