From: Lars Ingebrigtsen <larsi@gnus.org>
To: emacs-devel@gnu.org
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Wed, 12 Jul 2017 21:05:04 +0200 [thread overview]
Message-ID: <87fue1v5lr.fsf@mouse> (raw)
In-Reply-To: <8760ex63hi.fsf@gmail.com> (Robert Pluim's message of "Wed, 12 Jul 2017 18:10:01 +0200")
Robert Pluim <rpluim@gmail.com> writes:
> There is no refusal of access, just refusal of a specific protocol. If
> we implement your suggestion from below there won't even be refusal.
It is a refusal to access a resource because somebody has determined
that a specific protocol (HTTP + TLS1.0) is something that our users
shouldn't be able to use.
lists.gnu.org is, of course, just one example.
> I appreciate that's a strong opinion, but I definitely think we should
> strongly encourage people to move away from both of these protocols.
Encouragement is fine, but making our users switch to Firefox because of
this obsession with protocols isn't.
As more and more resources are being made available over encrypted
channels only, and as more and more of these (as a result of bad
maintenance and the like) get tagged as "invalid encryption", something
has to give.
It seems like the current movement is to just to start ignoring whether
protocols are outdated, use invalid certificates and the like, and just
tell the user "you tried to access this via a secure channel. It's not,
but here's the content anyway".
I may be misremembering, but I think the new Chrome beta is going in
this direction: No explicit refusals to access anything, but just a big
red X in the menu bar saying "UNSAFE". It is, you know, not less safe
than accessing via an unencrypted channel.
I think this is probably the way Emacs should consider moving, too, for
eww and package-list. For other use, we may consider having the NSM
prompt the user for what to do with TLS1.0. But probably not just yet.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
next prev parent reply other threads:[~2017-07-12 19:05 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-12 13:03 Deprecate TLS1.0 support in emacs Robert Pluim
2017-07-12 13:48 ` Lars Ingebrigtsen
2017-07-12 14:30 ` Robert Pluim
2017-07-12 14:36 ` Andreas Schwab
2017-07-12 14:39 ` Robert Pluim
2017-07-12 14:55 ` Andreas Schwab
2017-07-12 15:59 ` Robert Pluim
2017-07-12 14:44 ` Lars Ingebrigtsen
2017-07-12 16:10 ` Robert Pluim
2017-07-12 19:05 ` Lars Ingebrigtsen [this message]
2017-07-13 8:45 ` Robert Pluim
2017-07-13 12:25 ` Richard Stallman
2017-07-13 13:29 ` Robert Pluim
2017-08-01 12:02 ` Robert Pluim
2017-08-01 12:38 ` Lars Ingebrigtsen
2017-08-01 13:01 ` Robert Pluim
2017-08-01 14:45 ` Paul Eggert
2017-08-01 14:53 ` Lars Ingebrigtsen
2017-08-01 15:12 ` Robert Pluim
2017-08-01 17:56 ` Stefan Monnier
2017-08-03 11:48 ` Lars Ingebrigtsen
2017-08-03 15:52 ` Stefan Monnier
2017-08-03 19:30 ` Ted Zlatanov
2017-08-04 5:40 ` Eli Zaretskii
2017-08-04 13:13 ` Ted Zlatanov
2017-08-04 14:51 ` Eli Zaretskii
2017-08-04 17:26 ` Stefan Monnier
2017-08-04 19:50 ` Ted Zlatanov
2017-08-04 21:21 ` Stefan Monnier
2017-08-04 23:09 ` Ted Zlatanov
2017-08-05 7:21 ` Michael Albinus
2017-08-06 19:17 ` common Emacs notifications and alert.el (John W.) package (was: Deprecate TLS1.0 support in emacs) Ted Zlatanov
2017-08-07 1:42 ` common Emacs notifications and alert.el (John W.) package John Wiegley
2017-08-11 13:55 ` Ted Zlatanov
2017-08-15 17:06 ` common Emacs notifications and alert.el (John W.) package (was: Deprecate TLS1.0 support in emacs) Eli Zaretskii
2017-08-15 17:13 ` common Emacs notifications and alert.el (John W.) package John Wiegley
2017-08-04 14:59 ` Deprecate TLS1.0 support in emacs Michael Albinus
2017-08-03 19:39 ` Lars Ingebrigtsen
2017-08-04 21:35 ` Richard Stallman
2017-08-03 19:32 ` Ted Zlatanov
2017-08-04 3:17 ` Stefan Monnier
2017-08-04 13:09 ` Ted Zlatanov
2017-08-04 15:02 ` Lars Ingebrigtsen
2017-08-04 17:29 ` Stefan Monnier
2017-08-07 9:54 ` Robert Pluim
2017-08-10 15:33 ` Ted Zlatanov
2017-08-11 3:15 ` Paul Eggert
2017-08-11 13:53 ` Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fue1v5lr.fsf@mouse \
--to=larsi@gnus.org \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).