From: Robert Pluim <rpluim@gmail.com>
To: emacs-devel@gnu.org
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Wed, 12 Jul 2017 18:10:01 +0200 [thread overview]
Message-ID: <8760ex63hi.fsf@gmail.com> (raw)
In-Reply-To: 87tw2hvhob.fsf@mouse
Lars Ingebrigtsen <larsi@gnus.org> writes:
> Robert Pluim <rpluim@gmail.com> writes:
>
>> TLS1.0 is a seriously insecure protocol. I refrained from doing what I
>> actually wanted to do, which is deprecate TLS1.1 as well. I think it's
>> a disservice to allow TLS1.0 to continue to be used.
>
> It's no more "insecure" to read lists.gnu.org via HTTPS than it is via
> HTTP, which is also an option. Denying the former while allowing the
> latter is rather nonsensical.
This is not about reading lists.gnu.org specifically, this is about
all TLS protocol use from emacs. That should not use protocols that
contain known serious security flaws if we can avoid it. When you
choose to use https you have an expectation of security, unlike with
http, so we should attempt to fulfill that expectation.
> And if it had been available only via HTTPS, then refusing Emacs users
> to access it would also have a security impact: Refusing access to
> information is not "security", but the opposite.
There is no refusal of access, just refusal of a specific protocol. If
we implement your suggestion from below there won't even be refusal.
>> That could be done with nsm, but only if you'll accept setting the
>> default network-security-level to 'high, or adding a specific check
>> for protocol version at 'medium. Option 1 looks something like this:
>
> No, `high' should be reserved for people that want higher than normal
> network security.
OK, then we should integrate a check like this into `medium'. TLS1.0
should be warned about in the default configuration. I'd argue that
TLS1.1 should be as well, but we can always revisit that later.
I'll see if I can come up with a patch tomorrow.
> It might make sense to warn for TLS1.0 on `medium', though, but I'd have
> to check what other web browsers do here. I think, for instance, that
> Firefox still supports TLS1.0, and gives no warning, either. So unless
> I've misunderstood the Firefox situation, I don't think we should do
> anything here.
Firefox still allows TLS1.0, unless you configure it in paranoid mode,
like yours truly.
> More long-term, I think it may make sense to just treat these "insecure"
> protocols as if they were unencrypted, user interface wise, but that
> would be up to each individual application (eww, package-list, etc) and
> not further down in the network stack? Perhaps?
No, we should just attempt to eradicate the use of TLS1.0 (and
TLS1.1), not allow people to keep using them :-)
I appreciate that's a strong opinion, but I definitely think we should
strongly encourage people to move away from both of these protocols.
Robert
next prev parent reply other threads:[~2017-07-12 16:10 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-12 13:03 Deprecate TLS1.0 support in emacs Robert Pluim
2017-07-12 13:48 ` Lars Ingebrigtsen
2017-07-12 14:30 ` Robert Pluim
2017-07-12 14:36 ` Andreas Schwab
2017-07-12 14:39 ` Robert Pluim
2017-07-12 14:55 ` Andreas Schwab
2017-07-12 15:59 ` Robert Pluim
2017-07-12 14:44 ` Lars Ingebrigtsen
2017-07-12 16:10 ` Robert Pluim [this message]
2017-07-12 19:05 ` Lars Ingebrigtsen
2017-07-13 8:45 ` Robert Pluim
2017-07-13 12:25 ` Richard Stallman
2017-07-13 13:29 ` Robert Pluim
2017-08-01 12:02 ` Robert Pluim
2017-08-01 12:38 ` Lars Ingebrigtsen
2017-08-01 13:01 ` Robert Pluim
2017-08-01 14:45 ` Paul Eggert
2017-08-01 14:53 ` Lars Ingebrigtsen
2017-08-01 15:12 ` Robert Pluim
2017-08-01 17:56 ` Stefan Monnier
2017-08-03 11:48 ` Lars Ingebrigtsen
2017-08-03 15:52 ` Stefan Monnier
2017-08-03 19:30 ` Ted Zlatanov
2017-08-04 5:40 ` Eli Zaretskii
2017-08-04 13:13 ` Ted Zlatanov
2017-08-04 14:51 ` Eli Zaretskii
2017-08-04 17:26 ` Stefan Monnier
2017-08-04 19:50 ` Ted Zlatanov
2017-08-04 21:21 ` Stefan Monnier
2017-08-04 23:09 ` Ted Zlatanov
2017-08-05 7:21 ` Michael Albinus
2017-08-06 19:17 ` common Emacs notifications and alert.el (John W.) package (was: Deprecate TLS1.0 support in emacs) Ted Zlatanov
2017-08-07 1:42 ` common Emacs notifications and alert.el (John W.) package John Wiegley
2017-08-11 13:55 ` Ted Zlatanov
2017-08-15 17:06 ` common Emacs notifications and alert.el (John W.) package (was: Deprecate TLS1.0 support in emacs) Eli Zaretskii
2017-08-15 17:13 ` common Emacs notifications and alert.el (John W.) package John Wiegley
2017-08-04 14:59 ` Deprecate TLS1.0 support in emacs Michael Albinus
2017-08-03 19:39 ` Lars Ingebrigtsen
2017-08-04 21:35 ` Richard Stallman
2017-08-03 19:32 ` Ted Zlatanov
2017-08-04 3:17 ` Stefan Monnier
2017-08-04 13:09 ` Ted Zlatanov
2017-08-04 15:02 ` Lars Ingebrigtsen
2017-08-04 17:29 ` Stefan Monnier
2017-08-07 9:54 ` Robert Pluim
2017-08-10 15:33 ` Ted Zlatanov
2017-08-11 3:15 ` Paul Eggert
2017-08-11 13:53 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760ex63hi.fsf@gmail.com \
--to=rpluim@gmail.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).