From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 10:10:46 -0500
Message-ID: <87a93oilxl.fsf@lifelogs.com>
References: <85a93pj1n5.fsf@stephe-leake.org> <87sihg7r73.fsf@alrua-karlstad.karlstad.toke.dk>
To: emacs-devel@gnu.org

On Tue, 18 Nov 2014 11:12:32 +0100 Toke Høiland-Jørgensen wrote:

TH> incidentally, does Emacs check the cipher mode of the connection
TH> itself (I'm assuming this warning pertains to the certificate
TH> itself, not the connection encryption).

No, after establishing the connection we don't check its properties. In
many cases, depending on the priority string, it could be very different
from what we expected IIUC, so this is neither simple nor very useful.

TH> I have (setq gnutls-algorithm-priority "PFS") in my .emacs, but
TH> AFAIK that is not the default (and it does fail in some cases). For
TH> instance, in light of POODLE, turning off SSLv3 completely would
TH> probably be a good idea, at least as a default?

This was discussed recently here and in the GnuTLS mailing list. With
the default settings in Emacs, it's not vulnerable to POODLE.

TH> Finally, doing DANE verification (and trusting that more than the CA)
TH> would be nice; but not sure how viable it is presently.

Can you clarify? What are the requirements and benefits in your opinion?

Also, would you like to integrate your TOFU patch with the new nsm
branch?

Thanks
Ted