From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Thu, 03 Aug 2017 13:48:20 +0200
Message-ID: <873798j2ij.fsf@mouse>
References: <87o9sp7qok.fsf@gmail.com> <87zic9vk98.fsf@mouse>
	<87fue17mo5.fsf@gmail.com> <87tw2hvhob.fsf@mouse>
	<8760ex63hi.fsf@gmail.com> <87fue1v5lr.fsf@mouse>
	<E1dVdBY-0005SJ-QM@fencepost.gnu.org> <87shi0tqh3.fsf@gmail.com>
	<87d18fwl66.fsf@gmail.com> <87tw1rihu0.fsf@mouse>
	<4037dc81-4245-6925-842a-2c84a5ba996d@cs.ucla.edu>
	<87pocfibky.fsf@mouse>
	<jwvini7cgvq.fsf-monnier+gmane.emacs.devel@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1501760966 26782 195.159.176.226 (3 Aug 2017 11:49:26 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Thu, 3 Aug 2017 11:49:26 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Cc: emacs-devel@gnu.org
To: Stefan Monnier <monnier@iro.umontreal.ca>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Aug 03 13:49:17 2017
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1ddEcr-0006LV-Cz
	for ged-emacs-devel@m.gmane.org; Thu, 03 Aug 2017 13:49:13 +0200
Original-Received: from localhost ([::1]:34136 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1ddEcx-0007eg-AJ
	for ged-emacs-devel@m.gmane.org; Thu, 03 Aug 2017 07:49:19 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41421)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1ddEcL-0007di-UJ
	for emacs-devel@gnu.org; Thu, 03 Aug 2017 07:48:43 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1ddEcH-0007e9-IO
	for emacs-devel@gnu.org; Thu, 03 Aug 2017 07:48:41 -0400
Original-Received: from hermes.netfonds.no ([80.91.224.195]:52555)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <larsi@gnus.org>) id 1ddEcH-00073S-BI
	for emacs-devel@gnu.org; Thu, 03 Aug 2017 07:48:37 -0400
Original-Received: from cm-84.209.243.26.getinternet.no ([84.209.243.26] helo=mouse)
	by hermes.netfonds.no with esmtpsa
	(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)
	(envelope-from <larsi@gnus.org>)
	id 1ddEc0-0007Zy-Gy; Thu, 03 Aug 2017 13:48:22 +0200
In-Reply-To: <jwvini7cgvq.fsf-monnier+gmane.emacs.devel@gnu.org> (Stefan
	Monnier's message of "Tue, 01 Aug 2017 13:56:02 -0400")
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:217258
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/217258>

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> Yes, I agree.  eww, for instance, could remove the green URL when using
>> TLS 1.0, etc.  But the proposed NSM warning (which would make the user
>> answer "y" to a direct question about the TLS-ness) is too heavy, in my
>> opinion.
>
> Could we replace the prompt with a simple message (and if the message
> gets overwritten too soon, maybe adding a short delay)?

Hm...  that sounds like a nice compromise.  However, there might be a
lot of these messages if, for instance, the user visits a web page where
all the images are being served over a TLS connection we're warning
about.

Or perhaps warnings in those instances should be inhibited?

Anyway, the NSM layer could be easily extended to add certain
notifications to each security level.  So you'd get something like

"Connection to fsf.org:443 is less secure because of an old TLS version"

or along those lines flashing in the minibuffer...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no